US Pat. No. 10,218,853

WIRELESS CONFERENCE CALL TELEPHONE

1. A system comprising:
at least one wireless communication device (WCD) worn by at least one near-end participant during a telephone call with a far-end participant, each WCD comprises a body-worn pendant having a pendant body,
the pendant body including first and second connecting structures coupled with the pendant body and operative to mount the body-worn pendant like a necklace when the first and second connecting structures are connected to each other, a radio, a battery, a digital signal processor (DSP), a microphone array coupled with the DSP, a multi-use button, and a plurality of vents; and
a telephony gateway remote to the at least one WCD and including an audio processor coupled to at least one wireless radio that forms at least one audio channel with the at least one WCD,
wherein the audio processor generates an integrated audio signal from signals received from the at least one WCD,
wherein the telephony gateway comprises a connection component coupled to the audio processor and to a network carrying the telephone call,
wherein the connection component couples the integrated audio signal to the network for transmission to the far-end participant,
wherein the telephony gateway including a processor that is separate and distinct from the audio processor, and the processor electronically labels each incoming signal from the at least one WCD.

US Pat. No. 10,218,852

METHODS AND SYSTEMS FOR PROVIDING TELECONFERENCE PARTICIPANT QUALITY FEEDBACK

FUJI XEROX CO., LTD., To...

1. A method, comprising:
at a computing device with one or more processors and memory storing one or more programs for execution by the one or more processors:
obtaining time-varying teleconferencing data of a teleconference session with two or more participants, wherein the teleconferencing data comprises one or more of audio data and video data;
determining a participant quality signal for a respective participant of the two or more participants based on the teleconferencing data, wherein the participant quality signal varies over time;
determining, for the respective participant, a participant quality metric based on the participant quality signal, wherein the participant quality metric is indicative of an on-call behavior of the respective participant; and
providing, to the respective participant, an indication, based on the participant quality metric, of his or her on-call behavior, wherein the indication comprises:
a first graphical object indicating the behavior of the respective participant over a rolling time window of a predefined time length, wherein the first graphical object is updated in real time; and
a set of one or more second graphical objects, each second graphical object indicating the behavior of the respective participant within a respective past time period of the predefined length.

US Pat. No. 10,218,851

VISUAL INTERFACES FOR TELEPHONE CALLS

17. A system including
a call data processing server including at least one processing circuit and a memory circuit that are configured to generated call summary metrics indicative of call models of incoming calls from callers operating telephone capable devices;
a call processing server including at least one processing circuit and a memory circuit that are configured to:
receive, at the call processing server, the incoming calls;
send, to the call data processing server, call event messages corresponding to phone calls routed by the call processing server;
receive, from the call data processing server, the call summary metrics generated from the call event messages,
modify, in response to the call summary metrics, a set of data that specifies graphical menu options for functions supported by the call processing server;
provide, to a particular caller of an incoming call using a telephone capable device having graphical display capabilities, the set of data that specifies graphical menu options for functions supported by the call processing server;
receive an indication of a selection of one of the graphical menu options; and
implement, in response to the indication, a call transfer for the particular incoming call.

US Pat. No. 10,218,850

REAL-TIME CUSTOMER PROFILE BASED PREDICTIVE ROUTING

MATTERSIGHT CORPORATION, ...

1. A system configured to route incoming tasks, comprising:
a node comprising a processor and a non-transitory computer readable medium operably coupled thereto, the non-transitory computer readable medium comprising a plurality of instructions stored in association therewith that are accessible to, and executable by, the processor, where the plurality of instructions comprises:
instructions that, when executed, identify origination data for a customer contacting a contact center with a customer task;
instructions that, when executed, determine a predicted personality type of the customer based on the identified origination data and a customer profile for the customer, wherein the customer profile comprises historical customer data;
instructions that, when executed, provide a routing recommendation to a communication distributor to route the customer to an agent based on the predicted personality type of the customer and the historical customer data;
instructions that, when executed, route the customer via the communication distributor to the agent based on the routing recommendation;
instructions that, when executed, create a text of a communication between the customer and the agent; and
instructions that, when executed, update the customer profile based on the text.

US Pat. No. 10,218,849

PROVIDING COMPLIANCE ENFORCEMENT FOR MANUALLY DIALED WIRELESS NUMBERS IN A CONTACT CENTER

Noble Systems Corporation...

1. A system for ensuring compliance adherence for calls placed by a contact center, the system comprising:
a compliance server configured to:
receive an indication that an agent of the contact center has completed a first call; and
after receiving the indication that the agent has completed the first call:
determine whether a second call to be placed to a first telephone number is compliant with respect to at least one compliance requirement; and
after determining the second call to be placed to the first telephone number is not compliant:
determine whether a third call to be placed to a second telephone number is compliant with respect to the at least one compliance requirement; and
provide the second telephone number to the agent of the contact center so that the agent can originate the third call to the second telephone number in response to determining the third call to be placed to the second telephone number is compliant; and
a private branch exchange configured to:
receive an indication that the agent has originated the third call by dialing the second telephone number using a phone device; and
in response to receiving the indication that the agent has originated the third call:
place the third call by using the second telephone number; and
connect the third call with the phone device being used by the agent.

US Pat. No. 10,218,848

METHOD AND APPARATUS FOR EXTENDED MANAGEMENT OF STATE AND INTERACTION OF A REMOTE KNOWLEDGE WORKER FROM A CONTACT CENTER

1. A system for managing remote agents of a communication center comprising:
a first processor;
a first switch coupled to the first processor; and
a memory, wherein the memory has stored therein instructions that, when executed by the first processor, cause the first processor to:
receive, over a wide area network, from a second processor distributed at a remote geographic location, activity state information of devices associated with the remote agents, the devices being coupled to the second processor over a local data communications medium, wherein the devices associated with the remote agents do not have a control link to the first processor, wherein the second processor is adapted to register a directory number associated with an end user device of the devices associated with one of the remote agents;
detect an interaction received at the first switch;
identify, in response to detecting the interaction, the one of the remote agents based on the received activity state information;
transmit to the second processor over the wide area network, a first control message adhering to a first protocol for routing the interaction to the directory number of the end user device associated with the one of the remote agents, wherein in response to receipt of the first control message, the second processor is configured to transform the first control message to adhere to a second protocol that is adapted to be recognized by the end user device associated with the one of the remote agents, and transmit the transformed message to the end user device;
transmit a signal for routing the interaction from the first switch to a second switch coupled to the second processor;
receive from the second processor over the wide area network, a second control message for controlling the interaction as the interaction is occurring, wherein the second control message is provided over the local data communications medium to the second processor by the end user device associated with the one of the remote agents handling the interaction; and
transmit a signal to the first switch for controlling the interaction according to the second control message.

US Pat. No. 10,218,847

APPLYING USER PREFERENCES, BEHAVIORAL PATTERNS AND/OR ENVIRONMENTAL FACTORS TO AN AUTOMATED CUSTOMER SUPPORT APPLICATION

West Corporation, Omaha,...

1. A method, comprising:
at an interactive voice response (IVR) system:
matching at least one user preference to a pre-recorded audio segment;
transmitting the pre-recorded audio segment to a user device based on the matching of the at least one user preference;
transmitting menu options to the user device based on the transmitting of the pre-recorded audio segment and
invoking manual setup and association with an account related to the user device for interaction with one of a male agent and a female agent.

US Pat. No. 10,218,846

CALL PROCESSING METHOD AND DEVICE

XIAOMI INC., Beijing (CN...

1. A call processing method, implemented in a terminal device, comprising:
detecting whether a first intercept function is in an opening state, wherein the first intercept function is configured to intercept a strange call, and the strange call is a call from a phone number not stored in an address book of the terminal device;
detecting whether a second intercept function is in an opening state when the first intercept function is in the opening state; and
performing the second intercept function when the second intercept function is in the opening state, wherein performing the second intercept function comprises:
obtaining a call request from the strange call intercepted by the first intercept function:
obtaining usage information of the terminal device when receiving the call request from the intercepted strange call;
determining whether the usage information comprises usage information associated with the intercepted strange call; and
controlling the first intercept function not to intercept the intercepted strange call if the usage information comprises the usage information associated with the intercepted strange call.

US Pat. No. 10,218,845

METHOD AND SYSTEM FOR CONNECTING USERS VIA A CALL TAGGING APPLICATION

1. A communication system that connects a first mobile phone user with a second mobile phone user based on user availability to avoid phone tagging, comprising:
a central processor;
an interactive user interface coupled to the central processor; and
a memory, coupled to the interactive user interface and central processor, the memory comprising computer-readable instructions which when executed by the central processor cause the central processor to perform the steps comprising:
receiving, via an electronic input, a request from a first mobile phone to connect with a second mobile phone for a communication event, wherein the request comprises a category comprising an indication of a routine communication or an emergency communication, a time estimate that represents an estimated duration of the communication event between the first user and the second user, a subject matter of the request to communicate that indicates a reason for the communication event and a first user availability to communicate with the second user;
identifying, via the central processor, a recipient identifier corresponding to the second mobile phone;
notifying, via a communication network, the second user of the request for communication from the first user via an user interface on the second mobile phone;
determining, via the central processor, a second user availability to communicate with the first user via the second mobile phone, wherein the second user availability is based at least in part on the time estimate;
electronically communicating, via the interactive user interface, a connection opportunity for the first user and the second user when the first user availability and the second user availability are substantially matched; and
automatically connecting the first user and the second user to engage in the communication event directly responsive to the substantially matched availability in a manner that avoids phone tagging without requiring the first user and the second user to initiate a call;
wherein the first user and the second user are human users.

US Pat. No. 10,218,844

LOCATION-BASED SERVICES FOR CONTROLLED-ENVIRONMENT FACILITIES

Securus Technologies, Inc...

1. A method, comprising:
performing, by one or more computer systems:
receiving, from a resident of a controlled-environment facility, a request to establish a communication call with a non-resident, the non-resident utilizing a mobile device;
receiving location information providing a geographic location of the mobile device of the non-resident;
determining, based on the received location information, a location of the mobile device of the non-resident different than a geographic region including the controlled-environment facility at the time of the communication call request by the resident; and
denying the request for the communication call based on the location of the mobile device of the non-resident different than the geographic region including the controlled-environment facility.

US Pat. No. 10,218,843

CONTEXTUAL CONTACT SUBSTITUTION FOR MOBILE DEVICES

LENOVO ENTERPRISE SOLUTIO...

1. A method for context sensitive contact substitution for mobile communications, the method comprising:
selecting a contact disposed within a list of contacts in memory of a mobile computing device for use in establishing a telephone call with the selected contact through the mobile computing device;
determining a location of the mobile computing device used in establishing the telephone call;
locating in a rule table a rule corresponding to the determined location, the rule table specifying whether an alternate contact is to be chosen to receive the telephone call based upon a common role of the alternate contact and the selected contact, or whether the alternate contact is to be chosen to receive the telephone call based upon a past pattern of contact comprising a location from where a last communication with the alternate contact had occurred;
applying the located rule in order to identify in the list of contacts an alternate contact to the selected contact based upon the determined location and a machine learned pattern that correlates telephone calls previously established with ones of the different contacts with a proximity of the mobile computing device to those of different contacts with whom telephone calls previously had been established; and,
establishing the telephone call through the mobile computing device with the alternate contact instead of the selected contact.

US Pat. No. 10,218,842

MESSAGE EXCHANGE

Value-Added Communication...

1. A centralized calling platform that provides telecommunication and message services for a correctional facility, the platform comprising:
a memory; and
at least one processor and/or circuit coupled to the memory, the at least one processor and/or circuit configured to:
receive a phone call from a registered user designated for a destination phone number;
attempt to connect the phone call to a destination user associated with the destination phone number;
receive a message from the registered user after the connection attempt has failed;
record the received message;
attempt to contact the destination user at the destination phone number at periodic intervals until either a first predetermined event or a second predetermined event;
in response to an occurrence of the first predetermined event, authenticate the destination user and deliver the recorded message to the destination user after the user has been successfully authenticated;
in response to an occurrence of the second predetermined event, store the recorded message in the memory; and
generate a message notification for the inmate only after the content check has passed.

US Pat. No. 10,218,841

MICROPHONE MONITORING AND ANALYTICS

Avaya Inc., Santa Clara,...

1. A method comprising:
determining, by a computing device comprising a processing device, an initiation of a new contact session that includes a communication interaction between a contact center agent (CCA) having a microphone and a contacting individual (CI);
determining, prior to an end of the new contact session, a non-audio mode, wherein audio signals received by the microphone are not communicated to the CI;
analyzing audio signals received via the microphone during the non-audio mode;
identifying, based on analyzing the audio signals received via the microphone, an utterance spoken by the CCA and indicating one of a plurality of commands related to the contact session, the plurality of commands comprising a predetermined recording command and a predetermined subsequent action command, wherein the predetermined recording command comprises a command to generate a post interaction recording of audio signals, and wherein the predetermined subsequent action command comprises a command to take an identified additional action after an end of the communication interaction;
generating contact session metadata based on and including the recording command or the subsequent action command indicated by the identified utterance;
generating a contact session record that includes the contact session metadata; and
storing the contact session record.

US Pat. No. 10,218,840

MULTI-DEVICE CALL NOTIFICATION SILENCING

Apple Inc., Cupertino, C...

1. A method for managing connections performed by a processor on a user device, the method comprising:
at the user device:
receiving a notification indicating an incoming connection, wherein each of the user device and one or more associated user devices is adapted to answer the incoming connection;
listening for communication from the one or more associated user devices;
determining whether any of the one or more associated user devices is currently active; and
instructing one or more output components of the user device to provide an alert indicating the incoming connection,
wherein:
when at least one of the one or more associated user devices is currently active, the alert is limited to visual alerts and/or haptic alerts and excludes audio alerts, and
when none of the one or more associated user devices is currently active, the alert comprises an audio alert.

US Pat. No. 10,218,839

METHODS, APPARATUS AND DEVICES FOR AUTHENTICATING A CALL SESSION

MASTERCARD INTERNATIONAL ...

1. A method performed by a server for authenticating a calling party for a call session over a communications network between a first communication terminal associated with the calling party and a second communication terminal associated with a called party, wherein the calling party is one of a plurality of calling parties associated with an organization, the method comprising:
storing contact information associated with a plurality of registered communication terminals within a database in communication with the server, wherein each of the plurality of registered communication terminals is designated by the organization for making outgoing calls by at least one of the plurality of calling parties, and wherein the plurality of registered communication terminals includes the first communication terminal;
retrieving the contact information from the database, the contact information comprising an association between a plurality of phone numbers of the plurality of registered communication terminals and an identity of the associated organization; and
transmitting, in response to receiving an automatic download request from the second communication terminal, the contact information to the second communication terminal, to cause information representing the identity of the associated organization to be displayed by the second communication terminal in response to the second communication terminal receiving an incoming call from any of the plurality of phone numbers associated with the plurality of registered communications terminals.

US Pat. No. 10,218,838

ATTACHING MULTIPLE PHONE LINES TO A SINGLE MOBILE OR LANDLINE PHONE

1. A computer based method comprising:
associating device information corresponding to an operator device with a plurality of virtual numbers in a mapping table, the plurality of virtual numbers each having a respective corresponding contact device indicated in the mapping table;
receiving message information in response to communication of a message from a telephonic device to a virtual number of the plurality of virtual numbers, the message information including device information corresponding to the telephonic device and the virtual number;
identifying the telephonic device as the operator device or a contact device based on the message information and the device information corresponding to the operator device stored in association with the plurality of virtual numbers in the mapping table; and
in response to identifying the telephonic device:
where the telephonic device is identified as the contact device, transmitting instructions for transmitting the message received from the contact device to the operator device from the virtual number based on the mapping table indicating that the virtual number corresponds to the contact device; or
where the telephonic device is identified as the operator device, identifying, based on the mapping table, recipient device information corresponding to the contact device within the message information and transmitting instructions for transmitting the message received from the operator device to the contact device from the virtual number.

US Pat. No. 10,218,837

SYSTEMS AND METHODS FOR PREVENTING CONCURRENT DRIVING AND USE OF A MOBILE PHONE

Benjamin J. Michael Dweck...

1. A system comprising:
a. a motor vehicle having at least a driver-seat within a driver seat sector;
b. a user control disposed in the driver-seat sector such that engagement of the user control starts or accelerates the motor vehicle;
c. first detection circuitry for detecting at least one of whether said motor vehicle is in motion and whether a motor of said motor vehicle is running;
d. second detection circuitry for detecting at least if a mobile phone is present in said driver-seat sector; and
e. phone disabling circuitry for disabling at least some functionality of said mobile phone, said phone disabling circuitry receiving a first input from said first detection circuitry and a second input from said second detection circuitry,
wherein, if said first input indicates that said motor-vehicle is in motion, and said second input indicates a presence of a mobile phone in said driver-seat sector, said phone-disabling circuitry disables said at least some functionality of said mobile phone,
wherein said at least some functionality includes any functionality requiring a user of said mobile phone to type, take photos, or watch a video, and does not include any voice activated functionality, hands-free functionality, or navigation functionalities.

US Pat. No. 10,218,836

METHOD FOR PROVIDING SERVICE BASED ON AWARENESS AND AN ELECTRONIC DEVICE THEREOF

SAMSUNG ELECTRONICS CO., ...

1. An electronic device comprising:
a communication module comprising communication circuitry;
an air pressure sensor configured to measure air pressure;
a processor comprising processing circuitry, the processor electrically coupled to the communication module and the air pressure sensor; and
a memory electrically coupled to the processor,
wherein the memory stores instructions that, when executed by the processor, cause the processor to:
determine, using the communication module, whether the electronic device is located in a first geofence;
in response to determining that the electronic device is located in the first geofence, monitor air pressure using the air pressure sensor;
deactivate the communication module in response to detecting that the air pressure is temporarily increased and the air pressure is continuously decreased after the air pressure is temporarily increased during a first reference time;
provide in-flight service information in response to detecting that the air pressure is constantly maintained after the air pressure is continuously decreased during a second reference time;
re-activate the deactivated communication module in response to detecting that the air pressure is continuously increased and the air pressure is temporarily decreased after the air pressure is continuously increased during a third reference time;
determine, using the communication module, whether the electronic device is located in a second geofence different from the first geofence;
receive, via the communication module, data regarding a service related to the second geofence, in response to determining that the electronic device is located in the second geofence; and
provide, based on the received data, the service related to the second geofence, wherein the service related to the second geofence includes a guide on an immigration procedure for a user of the electronic device.

US Pat. No. 10,218,835

CATEGORY-BASED FENCE

Apple Inc., Cupertino, C...

1. A method comprising:
detecting, by a wireless subsystem of a mobile device located at a first location, a first signal from a first signal source, the first signal including a first signal source identifier that matches a category identifier that is associated with a category-based fence, the category-based fence being a location-agnostic virtual fence corresponding to a group of signal sources located at a plurality of locations;
in response to detecting the first signal from the first signal source, notifying an application subsystem of the mobile device that the mobile device has entered the category-based fence;
detecting, by the wireless subsystem of the mobile device located at a second location that is different from the first location, a second signal from a second signal source, the second signal including a second signal source identifier that matches the category identifier; and
in response to detecting the second signal from the second signal source, notifying the application subsystem of the mobile device that the mobile device has entered the category-based fence,
wherein the application subsystem is configured to trigger a function of the mobile device that is associated with the category-based fence in response to entry into the category-based fence by the mobile device.

US Pat. No. 10,218,833

MOBILE APPLICATION FOR CONTROLLING OUTDOOR GRILL

Traeger Pellet Grills, LL...

1. A method for controlling an electronically-controlled wood-pellet grill using a software application on a mobile device, the electronically-controlled wood-pellet grill having at least one hardware controller, the method comprising:
receiving an indication from one or more remote computing systems indicating that the electronically-controlled wood-pellet grill is communicably connected to the one or more remote computing systems, wherein the one or more remote computing systems comprise a cloud service;
providing a notification in the software application indicating that the electronically-controlled wood-pellet grill is available to receive instructions;
receiving a user input at the software application indicating that a particular temperature is to be maintained by the electronically-controlled wood-pellet grill;
generating one or more instructions configured to cause a hopper to feed wood pellets into the electronically-controlled wood-pellet grill at a particular rate in order to maintain the particular temperature; and
sending the generated instructions to the electronically-controlled wood-pellet grill to activate the hopper, the generated instructions being interpreted and carried out on the electronically-controlled wood-pellet grill via the hardware controller.

US Pat. No. 10,218,832

MOBILE TERMINAL UNLOCK METHOD FOR SECURITY PROTECTION

GUANGZHOU ZHIJING TECHNOL...

1. A mobile terminal unlock method for security protection, comprising:
obtaining a trigger signal for unlock and entry of an unlock password when the mobile terminal is in a lockout state, and generating a first password according to the trigger signal;
generating a corresponding vibration signal according to a preset correspondence between the vibration signal and the first password and with reference to the first password, the first password containing a character, wherein a mobile terminal user presets a vibration mode in which a particular vibration corresponds to characters that form the first password, wherein according to the mobile phone vibration signal received by the user, the user determines the first password of the mobile terminal that is the unlock password of the mobile terminal;
obtaining the unlock password that is obtained by means of parsing by the user according to the vibration signal;
matching the unlock password with the first password;
determining whether the unlock password is consistent with the first password; and
when a determining result is yes, unlocking a password lock; or
when a determining result is no, obtaining a trigger signal for unlock again.

US Pat. No. 10,218,831

COMBINATION SHOULDER CRADLE AND PROTECTIVE CASE FOR MOBILE PHONES

1. A protective case for a mobile phone, comprising:
a back panel, defining a substantially rectangular enclosure having a rear wall and a front opening, into which the mobile phone securely fits with a front face of the mobile phone exposed, wherein the back panel is made of a durable, rigid material;
a cover panel, having a trifold structure conforming in size and shape to the back panel and longitudinally attached to the back panel by a flexible main hinge strip, wherein the main hinge strip is configured to enable the cover panel to be alternately extended over the front opening of the back panel in a closed configuration, so as to cover and protect the front face of the mobile phone, or arched over the rear wall of the back panel in one of multiple cradle configurations;
wherein the cover panel comprises three longitudinal cover sections, consisting of a proximal cover section, to which the main hinge strip is attached, a medial cover section, which is longitudinally attached to the proximal cover section by a flexible medial hinge strip, and a distal cover section, which is longitudinally attached to the medial cover by a flexible distal hinge strip;
wherein the distal cover section of the cover panel has a distal edge which contains a primary attachment means, which conjugately connects with multiple secondary attachment means on the rear wall of the back panel, so as to support the cover panel in the cradle configurations;
wherein, in the cradle configurations, the cover panel is arched over the rear wall of the back panel, such that the medial cover section is supported in an elevated, substantially horizontal position, having an adjustable medial elevation above the rear wall of the back panel, and such that the proximal cover section and the distal cover section are each obliquely disposed on either side of the medial cover section, and such that the medial elevation can be adjusted by differentially connecting the primary attached means of the distal cover section with the multiple secondary attachment means; and
wherein, in the cradle configurations, the medial cover section can engage a shoulder of a phone user so as to support the mobile phone at the medial elevation above the shoulder of the phone user, and wherein the medial elevation can be adjusted in accordance with physical sizes and proportions of phone users.

US Pat. No. 10,218,830

DECORATION COMPONENT, HOUSING COMPONENT AND MOBILE TERMINAL HAVING SAME

GUANGDONG OPPO MOBILE TEL...

1. A decoration component for a mobile terminal, comprising:
a first decoration enclosure having a first through-hole and a receiving groove surrounding the first through-hole;
a second decoration enclosure being received in the receiving groove and protruding beyond the receiving groove in an axial direction of the first through-hole, and having a second through-hole corresponding to the first through-hole; and
a cover being coupled at a side of the second decoration enclosure facing away from the first decoration enclosure, the cover covering the second through-hole,
wherein the second decoration enclosure comprises:
a base ring being received in the receiving groove; and
a connecting protrusion protruding from the base ring towards a groove bottom of the receiving groove, and abutting against the groove bottom of the receiving groove, such that a void is defined by the base ring and the groove bottom of the receiving groove,
wherein the second decoration enclosure further comprises a fixing ring protruding from the base ring towards the outside of the receiving groove, the fixing ring abuts against a top surface of the first decoration enclosure, and the connecting protrusion is spaced apart from a side wall of the receiving groove and configured to separate the void from the first through-hole.

US Pat. No. 10,218,829

PORTABLE ELECTRONIC DEVICE

MICROJET TECHNOLOGY CO., ...

1. A portable electronic device, comprising:
a casing;
a flexible display panel coupled with the casing and comprising a movable region;
a cushion attached on the movable region of the flexible display panel;
an inflatable pad attached on a bottom surface of the flexible display panel and covering the cushion;
a gas transportation device disposed within the casing and in communication with the inflatable pad to transfer gas to the inflatable pad so that the inflatable pad is inflated and supporting the flexible display panel; and
a sensing unit electrically connected with the gas transportation device, wherein when an external contact force is sensed by the sensing unit, the sensing unit transmits a first driving signal to the gas transportation device, wherein in response to the first driving signal, the gas transportation device transfers gas to the inflatable pad to expand the inflatable pad and make the inflatable pad raise the cushion, so that the movable region of the flexible display panel corresponding to the cushion is raised.

US Pat. No. 10,218,828

ATTACHABLE SUPPLEMENTAL BATTERY FOR MOBILE DEVICE

Handstands Promo, LLC, S...

1. A self-attaching supplemental battery device configured for a mobile device, the supplemental battery device comprising:
a) a housing containing a rechargeable battery, and having opposite sides including an attachment side and a face side;
b) a releasable attachment pad affixed to the attachment side of the housing and configured to releasably couple the housing and the rechargeable battery to a back of the mobile device;
c) a cover removably carried by the housing and selectively locatable on either side thereof;
d) the cover comprising a panel sized and shaped to substantially cover the releasable attachment pad in a protection location when located on the attachment side of the housing, and exposing the releasable attachment pad in a storage location when located on the face side of the housing opposite the attachment side;
e) a first cord with a first plug electrically coupled to the rechargeable battery;
f) a first pocket formed in the housing and removably receiving the first plug; and
g) a first cutout formed in the panel of the cover and alignable with the first pocket of the housing; and
h) the first cutout aligning with the first pocket in a first orientation of the cover in the storage location over the face side of the housing so that the first plug is accessible.

US Pat. No. 10,218,827

HOUSING FEATURES OF AN ELECTRONIC DEVICE

APPLE INC., Cupertino, C...

1. An enclosure, comprising:
a first part defining:
a first portion of an exterior side surface of the enclosure; and
a first portion of an interior surface of the enclosure;
a second part defining:
a second portion of the exterior side surface of the enclosure;
a portion of an exterior back surface of the enclosure; and
a second portion of the interior surface of the enclosure;
a first joining element between the first part and the second part; and
a second joining element, between the first part and the second part, defining a third portion of the exterior side surface of the enclosure and mechanically interlocked with the first part and the second part.

US Pat. No. 10,218,826

SCALABLE, LIVE TRANSCODING WITH SUPPORT FOR ADAPTIVE STREAMING AND FAILOVER

GOOGLE LLC, Mountain Vie...

1. A method comprising:
separating, using a separation component, a plurality of input streams into a plurality of audio streams having different bitrates and a plurality of video streams having different bitrates;
transcoding, using an audio transcoder, the plurality of audio streams into a plurality of transcoded audio streams having different transcode qualities;
transcoding, using a video transcoder, the plurality of video streams into a plurality of transcoded video streams having different transcode qualities;
segmenting, using a segmentation component, the plurality of audio streams into a plurality of equivalent audio segments based on identified segment boundaries associated with the plurality transcoded audio streams and the plurality of video streams into a plurality of equivalent video segments based on identified segment boundaries associated with the plurality of transcoded video streams; and
joining, using a conjoining component, the plurality of equivalent audio segments and the plurality of video segments into a single stream.

US Pat. No. 10,218,825

ORCHESTRATING RESOURCES IN A MULTILAYER COMPUTING ENVIRONMENT BY SENDING AN ORCHESTRATION MESSAGE BETWEEN LAYERS

International Business Ma...

1. A method comprising:
receiving, by one or more processors, an operation to perform across a multilayer cloud computing environment, wherein the multilayer cloud computing environment includes an application layer, a platform layer, and an infrastructure layer;
generating, by one or more processors, a message for performing the operation across the multilayer cloud computing environment, wherein the message includes a plurality of layer portions that include sub-operation(s) of the operation, wherein each layer portion corresponds to a respective layer in the multilayer cloud computing environment, and wherein at least a first layer portion corresponding to a first layer in the multilayer cloud computing environment is nested within a second layer portion corresponding to a second layer in the multilayer cloud computing environment; and
orchestrating, by one or more processors, performance of the operation by sending the message between layers in the multilayer cloud computing environment according to a sequence for performing sub-operation(s) indicated in the message, wherein when the message is located at a respective layer, the layer performs a respective set of sub-operation(s) according to the respectively corresponding layer portion for the layer in the message.

US Pat. No. 10,218,824

APPARATUS, SYSTEM AND METHOD OF COMMUNICATING VIA A PLURALITY OF SECTORIZED ANTENNAS

INTEL IP CORPORATION, Sa...

1. An apparatus comprising circuitry and logic configured to cause a first wireless station to:
during a first beamforming training with a second wireless station, communicate one or more first frames with the second wireless station via a first sectorized antenna of a plurality of sectorized antennas of the first wireless station, the first frames comprising a first Identifier (ID) of the first sectorized antenna;
communicate one or more beamformed transmissions with the second wireless station based on the first beamforming training;
communicate a second frame with the second wireless station via a second sectorized antenna of the plurality of sectorized antennas of the first wireless station, the second frame to initiate a second beamforming training between the second sectorized antenna and the second wireless station, the second frame comprising a second ID of the second sectorized antenna; and
communicate a beamforming training frame of the second beamforming training comprising a transition indicator to indicate whether or not the first wireless station is to transition from the first sectorized antenna to the second sectorized antenna.

US Pat. No. 10,218,823

FLEXIBLE ETHERNET CLIENT MULTI-SERVICE AND TIMING TRANSPARENCY SYSTEMS AND METHODS

Ciena Corporation, Hanov...

1. A node configured to support multi-service with Flexible Ethernet (FlexE), the node comprising:
circuitry configured to receive a client signal;
circuitry configured to map the client signal into a FlexE shim; and
timing circuitry configured to transmit adaptation and timing information (Cn) in reserved FlexE overhead fields, wherein a second node connected to the node is configured to receive the adaptation and timing information (Cn) and utilize a specific operational code in FlexE to rate adapt the client signal based on the adaptation and timing information (Cn).

US Pat. No. 10,218,822

PHYSICAL LAYER FRAME FORMAT FOR WLAN

Marvell World Trade Ltd.,...

1. A method for generating a physical layer (PHY) data unit for transmission via a communication channel, the PHY data unit conforming to a first communication protocol, the method comprising:
generating, at a first communication device, a PHY preamble for the PHY data unit, including:
generating a first portion of the PHY preamble to include a first signal field having a length subfield that indicates a length of the PHY data unit,
generating a second signal field,
including in the PHY preamble the second signal field and a duplicate of the second signal field, and
formatting the PHY preamble such that the first portion of the PHY preamble is decodable by any second communication device that conforms to a second communication protocol, but does not conform to the first communication protocol, to determine a duration of the PHY data unit based on the length subfield in the first portion of the PHY preamble; and
generating, at the first communication device, the PHY data unit to include the PHY preamble.

US Pat. No. 10,218,821

APPARATUS AND METHOD OF TRANSMITTING AND RECEIVING PACKET IN A BROADCASTING AND COMMUNICATION SYSTEM

Samsung Electronics Co., ...

1. A method of transmitting data in a broadcasting system, the method comprising:
generating a source symbol block including source symbols, each source symbol partitioned into an equal number of symbol elements, and each symbol element having multiple and an equal number of bytes;
placing a first source packet into a plurality of first symbol elements of the source symbol block, and placing a second source packet following the first source packet into one or more second symbol elements following the plurality of first symbol elements;
encoding the source symbols of the source symbol block comprising the first and the second source packets; and
transmitting information indicating a number of symbol elements in each of the source symbols,
wherein at least a portion of the first source packet and at least a portion of the second source packet are placed into a same source symbol of the source symbol block and at least one byte of a last symbol element of the plurality of first symbol elements is padded before the one or more second symbol elements, based on the last symbol element of the first symbol elements not being a last symbol element of the same source symbol and data of the first source packet not filling the plurality of first symbol elements.

US Pat. No. 10,218,820

METHOD AND APPARATUS FOR PROCESSING DATA PACKET BASED ON PARALLEL PROTOCOL STACK INSTANCES

HUAWEI TECHNOLOGIES CO., ...

1. A method for processing a data packet, comprising:
determining a distribution policy for a plurality of data packets according to a distribution policy information of a network adapter that distributes the data packets;
assigning the distribution policy to the network adapter;
monitoring a first instruction of a first application to create a first target socket for processing a first data packet;
determining, in a plurality protocol stack instances, a first protocol stack instance according to the distribution policy;
creating the first target socket in the first protocol stack instance;
receiving the first data packet from the network adapter, the first data packet being distributed to the first protocol stack instance according to the distribution policy; and
performing, by the first protocol stack instance, protocol processing on the first data packet using the first target socket.

US Pat. No. 10,218,819

APPARATUS AND METHOD FOR TRANSMITTING AND RECEIVING SIGNAL IN MULTIMEDIA SYSTEM

Samsung Electronics Co., ...

1. An operating method of a transmitting apparatus in a broadcasting system, the operating method comprising:
identifying at least one network layer packet;
generating a link layer packet based on the at least one network layer packet wherein the link layer packet comprises a header and a payload, the header including a basic header; and
transmitting the link layer packet,
wherein the basic header includes packet type information indicating a type of the at least one network layer packet, configuration information indicating whether the link layer packet includes a single network layer packet, and identification information indicating whether an additional header following the basic header is present.

US Pat. No. 10,218,818

MATCHING ENCODER OUTPUT TO NETWORK BANDWIDTH

GOOGLE LLC, Mountain Vie...

1. A method comprising:
identifying a plurality of communication networks reachable by a host mobile device;
selecting, from the plurality of communication networks reachable by the host mobile device, a communication network providing higher bandwidth than one or more other communication networks of the plurality of communication network, the selecting being based on bandwidth characteristics of the plurality of communication networks;
obtaining from an external data store, one or more performance properties corresponding to the selected communication network;
measuring, by a processing device, one or more network performance metrics of the selected communication network using a plurality of data units sent from the host mobile device to a target via the selected communication network;
determining an estimated available bandwidth based on the measured network performance metrics, the performance properties obtained from the external data store, and a reliability attributed to the performance properties stored in the external data store;
configuring, by the processing device and according to the estimated available bandwidth, a codec selected from a plurality of codecs implemented in the host mobile device to achieve an output rate of the codec that is optimal for the available bandwidth from the host mobile device to the target via the selected communication network, the configuring comprises adjusting one or more parameters of the codec based upon the estimated available bandwidth;
encoding, by the processing device, data using the configured codec; and
transmitting, by the processing device, the encoded data to the target via the selected network.

US Pat. No. 10,218,817

DIGITAL RIGHTS LIST FOR DEVICE GROUPS

MICROSOFT TECHNOLOGY LICE...

1. A device directory server, comprising:
a memory configured to maintain a primary digital rights management list associating a user device with a primary online account for a user having a content license for a digital content item;
a communication interface configured to receive a status update, wherein the status update indicates the user device is still in use by the user when sent by the user device; and
a processing core having at least one processor configured to determine whether the status update has been received from the user device and to deactivate the user device on the primary digital rights management list when no status update has been received within a pruning period, wherein the pruning period describes a device-specific length of time for the user device to be associated with the primary online account.

US Pat. No. 10,218,816

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, SERVER, AND CONTROL METHOD AND CONTROL PROGRAM OF SERVER

NEC Corporation, Tokyo (...

1. An information processing system comprising:
a communication apparatus including an Internet Protocol interface and a non-Internet Protocol interface, wherein the communication apparatus is configured to:
connect to a network through the Internet Protocol interface, and
communicate with a first device and a second device through the non-Internet Protocol interface; and
a server configured to communicate with the communication apparatus via the network, the server comprising:
a storage that stores:
device drivers for achieving communication between the first and second devices and the server,
a mapping table that indicates that a first operation is to be performed by at least one of the first and the second devices in accordance to a second operation performed to one of the first and second devices, and
history of errors or successes of the first operation performed by a combination of the first and second devices;
a memory that stores a set of instructions; and
a hardware processor configured to execute the set of instructions to:
detect that the first and second devices are connected to the non-Internet Protocol interface of the communication apparatus;
determine that the first operation is to be performed by at least one of the first and the second devices based on the mapping table; and
transmit instruction data to the communication apparatus to cause at least one of the first and the second devices to perform the first operation,
wherein the communication apparatus communicates with the first and second devices by specifying and using the device drivers stored in the server, without installing the device drivers in the communication apparatus.

US Pat. No. 10,218,815

METHOD, DEVICE, AND SYSTEM FOR COMMUNICATING A CHANGEABILITY ATTRIBUTE

1. A method of communicating changeability attribute information comprising:
a server that hosts a service sending at least one first message to a terminal device in response to determining that a number of changeability settings for attributes for features of the service for a user has been changed is above a predetermined number, the first message comprising information about a changeability of attributes for features of the service to prompt the terminal device to send a second message to the server to receive data for changing changeability settings for attributes of features that have been changed;
the terminal device delaying the sending of the second message after the terminal device has received the at least one first message until an application is actively running on the terminal device, the application being run on the terminal device to utilize the service hosted by the server, the terminal device being an electronic device comprising a processor connected to non-transitory memory configured to generate a user interface for use of the service including identifiers for the features, the features comprising a first feature having a first attribute of the attributes and a second feature having a second attribute of the attributes;
in response to the application being activated for running on the terminal device to use the service after the at least one first message was received at the terminal device, the terminal device sending the second message to the server, the second message comprising information about the changeability of the attributes for the features identified as having been changed in the first message, the second message configured to prompt the server to respond to the second message by sending a third message to the terminal device, and
the terminal device updating how the user interface for the service is to be displayed in a display device connected to the terminal device in response to receiving the third message from the server, the third message comprising information indicating a changeability setting for the first attribute and a changeability setting for the second attribute such that the user interface is displayable so that (i) the identifier of the first feature is changed from indicating the first feature is an unchangeable feature to indicating that the first feature is a changeable feature that is adjustable by a user via input that is entered via the user interface and (ii) the identifier of the second feature is changed from indicating the second feature is a changeable feature that is adjustable via input that is entered via the user interface to a feature that is no longer changeable by the user in accordance with the information indicating the changeability settings of the third message; and
the terminal device receiving a fourth message from the server that hosts the service available to the terminal device when the attributes for the features that has been changed is below the predetermined number, the fourth message comprising information identifying the attributes for the features that have been changed that is below the predetermined number and information indicating the changeability settings for each of these attributes.

US Pat. No. 10,218,814

OPTIMIZED IMAGE DELIVERY OVER LIMITED BANDWIDTH COMMUNICATION CHANNELS

Bradium Technologies LLC,...

1. A method of communicating images for display on a wireless mobile device, the method being performed by one or more servers, the method comprising steps of:
employing a predetermined pyramid grid structure arranged in a hierarchy comprising a plurality of levels such that each level of the hierarchy includes a regular grid, the regular grid at each lower level of the hierarchy having more elements than at a higher level in the hierarchy, wherein each element of each regular grid defines a discrete spatial area, and the discrete spatial areas at any given level cover, in a substantially continuous and non-overlapping manner, an area that is substantially the same across the plurality of levels;
providing client software to the wireless mobile device;
using data of a source image processed with respect to the plurality of levels to obtain a series of related images of progressively lower detail level, wherein each related image of the series of related images comprises image data and is subdivided into a regular array of substantially non-overlapping image parcels, wherein image parcels of each regular array of the image parcels form a plurality of discrete portions of a related image of the series of related images according to discrete spatial areas associated with a corresponding level of the predetermined pyramid grid structure;
receiving a first request at the one or more servers from the wireless mobile device over a network communication channel, the first request being specifically for a first image parcel of the series of related images, the first image parcel corresponding to a first grid element of the predetermined pyramid grid structure, the first grid element corresponding to a first discrete spatial area;
sending the first image parcel from the one or more servers to the wireless mobile device over the network communication channel, in response to the first request;
receiving a second request at the one or more servers from the wireless mobile device over the network communication channel, the second request being specifically for a second image parcel of the series of related images, the second image parcel corresponding to a second grid element of the predetermined pyramid grid structure, the second grid element corresponding to a second discrete spatial area, the step of receiving the second request being performed after the step of receiving the first request, wherein a first non-empty overlap area exists between the first discrete spatial area and the second discrete spatial area; and
sending the second image parcel from the one or more servers to the wireless mobile device over the network communication channel, in response to the second request;
wherein the client software comprises instructions to configure the wireless mobile device to:
employ the predetermined pyramid grid structure;
request and receive image parcels through a local embedded server, the local embedded server being configured to use a local image repository to store image parcels using a local image repository, the local embedded server providing access to at least some image parcels;
determine a first user-controlled viewing frustum based on a navigational input to the wireless mobile device;
select the first image parcel of the series of related images based on the predetermined pyramid grid structure and the first user-controlled viewing frustum, and send the first request, automatically without specific user input, in response to the navigational input;
select the second image parcel of the series of related images based on the predetermined pyramid grid structure and the first user-controlled viewing frustum, and send the second request, automatically without specific user input, in response to the navigational input;
the first request and the second request being sent according to a priority order based at least in part on corresponding levels in the predetermined pyramid grid structure, the first image parcel having an earlier priority than the second image parcel according to the priority order;
automatically, without further user input after the navigational input, render a view for the first user-controlled viewing frustum comprising rendering at least a portion of the first image parcel before finishing receiving and rendering the second image parcel, to thereby enable a regional enhancement of level of details for the first user-controlled viewing frustum in at least the first non-empty overlap area; and
store the first image parcel and the second image parcel received by the wireless mobile device.

US Pat. No. 10,218,813

AUTOMATIC SURGE PROTECTION OF SYSTEM RESOURCES

salesforce.com, inc., Sa...

1. A method, comprising:
receiving, by a computer system, at a current time point, a request for a first number of permits from a particular consumer of a plurality of consumers, wherein each permit corresponds to a specified portion of a software resource;
comparing the requested number of permits to a total number of available permits; and
in response to determining that the requested first number of permits is greater than the total number of available permits:
determining that a different consumer of the plurality of consumers was granted a third number of permits during a period of time to the current time point, wherein the third number of permits is the largest number of permits granted to one of the plurality of consumers during the period of time;
comparing a second number of permits granted to the particular consumer during the period of time to the third number of permits granted to the different consumer during the period of time prior to the current time point;
rejecting access to the software resource by the particular consumer based on a comparison of a difference between the second number of permits and the third number of permits to a threshold value.

US Pat. No. 10,218,812

MANNER OF DISPLAY IN A MOBILE APPLICATION

AMERICAN EXPRESS TRAVEL R...

1. A method comprising:
determining, by a computer based system, that a host preference at least partially satisfies a device preference associated with a mobile device, based on a request for a second content from a mobile application;
wherein the host preference includes the second content and a second manner of displaying the second content;
determining, by the computer based system, the second content from the host preference that corresponds to the device preference;
determining, by the computer based system, the second manner of displaying the second content from the host preference that corresponds to the device preference; and
transmitting, by the computer based system, the second content and the second manner of displaying the second content,
wherein the mobile application modifies a first content and a first manner of displaying the first content to comply with the second content and the second manner of displaying the second content such that the second content and the second manner of displaying are included in the mobile application without having to re-deploy the mobile application from a mobile application store.

US Pat. No. 10,218,811

SYSTEMS AND METHODS FOR UTILIZING UNUSED NETWORK CAPACITY FOR PREFETCH REQUESTS

Oath (Americas) Inc., N...

1. A computer-implemented method for utilizing unused network capacity for prefetch requests, the method comprising:
receiving, over a network at one or more servers, unused network capacity information from a network provider of the network;
determining, by the one or more servers, a threshold value for approving a candidate prefetch request based on the received unused network capacity information;
receiving, over the network at the one or more servers, a plurality of candidate prefetch requests from an application running on a device connected to the network of the network provider;
determining, for each candidate prefetch request of the plurality of candidate prefetch requests by the one or more servers, a likelihood-of-use score for the candidate prefetch request, the likelihood-of-use score for the candidate prefetch request being based on a likelihood that a user of a device will request data associated with the candidate prefetch request; and
approving or not approving, for each candidate prefetch request of the plurality of candidate prefetch requests by the one or more servers, the candidate prefetch request being based on the determined threshold value and the determined likelihood-of-use score for the candidate prefetch request.

US Pat. No. 10,218,810

DYNAMIC CONTENT CACHING SYSTEM

ZENEDGE, INC., Los Angel...

1. A method for caching dynamic content comprising:
receiving a web page including online content;
parsing out dynamic content from static content within the online content of the web page, the dynamic content identified by one or more dynamic content tags within the web page;
storing the static content of the web page within a static cache;
storing the parsed out dynamic content of the web page within a personalized cache;
retrieving, in response to receiving a request for the web page, the static content of the web page from the static cache;
identifying the one or more dynamic content tags within the web page from the retrieved static content;
retrieving, from the personalized cache, the dynamic content of the web page corresponding to the one or more dynamic content tags;
merging the dynamic content and the static content to assemble a cached version of the web page; and
transmitting the cached version of the web page responsive to the request for the web page.

US Pat. No. 10,218,807

NETWORK TRAFFIC MANAGEMENT USING PORT NUMBER REDIRECTION

iboss, Inc., San Diego, ...

1. A method performed by data processing apparatuses, the method comprising:
receiving, from a device over a network, a first request that includes an address;
in response to receiving the first request, determining, based at least in part on information included in the first request, that the first request is to be redirected;
in response to determining that the first request is to be redirected, selecting a first port number out of a collection of possible port numbers wherein selecting a first port number out of a collection of possible port numbers comprises:
identifying a handling rule for handling the request;
identifying a port number that is associated with the handling rule;
sending, by a network gateway and to the device over the network, a redirect message that includes the address and the first port number;
receiving, by a proxy server that is a different device than the network gateway and from the device over the network, a second request that includes the address and the first port number, wherein the proxy server serves resources through the Web Cache Communication Protocol (WCCP);
determining that the first port number is included in a predetermined list of first port numbers;
responsive to determining that the first port number is on the predetermined list of port numbers, modifying the second request by removing the first port number wherein modifying the second request by removing the first port number comprises modifying the second request according to the handling rule; and
sending the modified second request to the address.

US Pat. No. 10,218,806

HANDLING LONG-TAIL CONTENT IN A CONTENT DELIVERY NETWORK (CDN)

Level 3 Communications, L...

1. A method of content delivery in a content delivery network comprising at least a first tier of servers, the method comprising:
(A) at a first server in the first tier of servers, obtaining a request from a client for a resource, wherein the resource is available as part of a content provider's library;
(B) determining whether the resource is available at the first server or at a peer of the first server;
(C) based on and as a result of said determining in (B), if it is determined that the resource is not available at the first server or at a peer of the first server, determining if the resource is popular, wherein the resource is part of an object, and wherein determining whether said resource is popular is based, at least in part, on whether the resource is an initial part of the object;
(D) based on and as a result of said determining in (C), if the resource is determined to be popular in (C), then the first server obtaining the resource and the first server serving the resource to the client, otherwise,
(E) based on and as a result of said determining in (C), if the resource is determined in (C) not to be popular, directing the client to a second server in a second tier of servers distinct from the first tier of servers,
wherein distinct portions of the content provider's library are logically partitioned across servers in the second tier of servers,
wherein the second server comprises a first portion of the content provider's library, the first portion comprising at least the resource, and wherein at least one other server in the second tier of servers comprises a second portion of the content provider's library, said second portion of the content provider's library being distinct from said first portion of the content provider's library, and
wherein the second tier of servers is any intermediate tier of servers between the first tier of servers and an origin server that stores resources associated with the content provider's library, and
(F) the second server serving the resource to the client.

US Pat. No. 10,218,805

METHOD AND APPARATUS FOR CAUSING DELAY IN PROCESSING REQUESTS FOR INTERNET RESOURCES RECEIVED FROM CLIENT DEVICES

CLOUDFLARE, INC., San Fr...

1. A method in a server comprising:
receiving, from a client device, a first request for a resource, wherein the first request includes a first location;
transmitting a first response to the client device that includes a first redirection instruction to a second location at a second server, wherein the first response includes an indication of a first number of redirects that the client device is to complete prior to the first request being fulfilled, and wherein the first number of redirects is two or more, wherein the second server is located remotely from the server that received the first request for the resource; and
causing the second server to:
receive, from the client device, a second request for the resource, where the second request includes the second location as a result of the first redirection instruction,
responsive to determining, from the second request, that the first number of redirects has not been performed, perform the following:
(a) transmit a second response to the client device that includes a second redirection instruction to the second location, wherein the second response includes an indication of a second number of redirects that the client device is to complete prior to the first request being fulfilled, and wherein the second number of redirects is smaller than the first number of redirects,
(b) receive, from the client device, a third request for the resource as a result of the second redirection instruction, wherein the third request includes the second location,
(c) responsive to determining, from the third request, that the second number of redirects has not been performed by the client device, repeat (a) and include an indication of a reduced number of redirects until receipt of a request from the client device that indicates that the reduced number of redirects has been performed by the client device, and
(d) responsive to determining, from the third request, that the second number of redirects has been performed by the client device, fulfil the first request.

US Pat. No. 10,218,804

SELECTIVE TOKEN CLASH CHECKING FOR A DATA WRITE

International Business Ma...

1. A computer-implemented method for selectively performing token clash checks for data writes, the method comprising:
receiving, by a first storage node, a first request to write a first set of data to a first storage device of the first storage node, wherein the first storage device is configured to transfer or receive data directly to or from a second storage device without transferring the data to or from a host device mapped to the first storage node;
determining, by the first storage node, that a first token clash check does not need to occur for the first request, the first token clash check including determining whether the first request is requesting to write to one or more addresses that are associated with one or more tokens owned by a first transaction, the one or more tokens being a proxy for a set of data within one or more particular address ranges of the first storage device;
receiving, by the first storage node, a second request to write a second set of data to the first storage device of the first storage node;
determine, based on the first set of data that the write is expected to be received at the first storage node;
receive, from a second transaction, a third request to write a third set of data to the first storage device of the first storage node;
determine, based on the second set of data specifying that a virtual machine (VM) migration needs to occur, that a second token clash check needs to occur for the second transaction; and
perform in response to determining that the second token clash check needs to occur for the second transaction, the second token clash check,
wherein the second token clash check includes:
storing a first set of tokens associated with the first transaction in a segment tree, the first set of tokens specifying a first set of logical block address ranges;
storing a second set of tokens associated with the second transaction in the segment tree, the second set of tokens specifying a second set of logical block address ranges;
determining whether a portion of the first set of logical block address ranges of first set of tokens matches a portion of the second set of logical block address ranges of the second set of tokens;
identifying, in response to the portion of the first set of logical block address ranges of the first set of tokens matching the portion of the second set of logical block address ranges, a portion of tokens of the second set of tokens associated with the portion of the second set of logical block address ranges; and
invalidating the portion of tokens of the second set of tokens, wherein invalidating includes deleting the portion of tokens of the second set of tokens.

US Pat. No. 10,218,803

INTEGRATION OF CLOUD SERVICES FOR CONSUMPTION IN CLOUD APPLICATIONS

SAP SE, Walldorf (DE)

1. A computer implemented method to integrate platform services into applications, the method comprising:
providing an integration service layer (ISL) for interaction between an application and a platform service;
the ISL providing at least one instantiated interface correspondingly defined for the platform service;
the ISL providing integration functionality between a plurality of platform services;
configuring the application to consume resources from the platform service through the ISL;
providing one or more servlets in the ISL;
the one or more servlets supporting data interaction at the application by implementing at least one of data acquisition and data consumption for the application at the ISL;
the application including implementation logic incorporating functionality and resources provided by the platform service into the application; and
defining a connection between an object of a user interface (UI) of the application and the corresponding interface defined at the ISL for the platform service.

US Pat. No. 10,218,802

TIERED NOTIFICATION FRAMEWORK

Microsoft Technology Lice...

1. A computing device for presenting notifications on a user interface presentation, comprising:
a first notification presentation component configured to receive and process first-type notifications from a sender computing device; and
a second notification presentation component configured to receive and process second-type notifications,
a particular first-type notification being received in response to a notification creation event,
the particular first-type notification including or otherwise conveying: information which specifies a sender user who is associated with the particular first-type notification and information associated with content of the particular first-type notification,
the first notification presentation component being configured to:
identify the sender user associated with the particular first-type notification;
determine whether the user interface presentation includes a person indicator associated with the sender user; and
present the content associated with the particular first-type notification in a first notification region of the user interface presentation, in a manner that conveys an association between the particular first-type notification and the person indicator, if the person indicator is determined to be present,
the second notification presentation component being configured to present content associated with each second-type notification, including a second-type notification associated with the sender user, in a second notification region of the user interface presentation,
wherein the first notification region corresponds to an allocated window of the user interface presentation, wherein the content of the particular first-type notification that is presented in the allocated window graphically conveys a link between the particular first-type notification and the person indicator.

US Pat. No. 10,218,801

INFORMATION DEVICE IDENTIFICATION SYSTEM, INFORMATION DEVICE IDENTIFICATION METHOD, INFORMATION DEVICE, NON-TRANSITORY COMPUTER READABLE RECORDING MEDIUM FOR USE IN A COMPUTER WHICH CAN ASSOCIATE IDENTICAL USERS WITH EACH OTHER

Panasonic Intellectual Pr...

1. An information device identification system, comprising a network information apparatus and an information device,
wherein the network information apparatus is configured to:
hold a specific remote host name indicating a predetermined remote host;
receive an inquiry about an internet protocol (IP) address corresponding to one remote host name indicating one remote host, the IP address being used by a device to connect to the one remote host;
determine whether or not the one remote host name received by the network information apparatus matches the specific remote host name held by the network information apparatus; and
respond by transmitting, to the device, an IP address of an information device instead of the IP address indicating the one remote host when the network information apparatus determines that the one remote host name matches the specific remote host name, and
wherein the information device is configured to, when the device is caused to send a request for data to the one remote host using the IP address of the information device transmitted by the network information apparatus, respond by transmitting, to the device, data including information for instructing the device to connect to a predetermined redirect destination and specific information for uniquely identifying the information device.

US Pat. No. 10,218,799

OPTIMIZING CLIENT DISTANCE TO NETWORK NODES

International Business Ma...

1. A method for optimizing client distances to nodes in a distributed computing environment, the method comprising:
receiving, by a first node, a first registration request associated with a first client wherein the first registration request comprises a distance from the first client to the first node and a distance from the first client to a second node and wherein the first client is currently associated with the second node;
determining, by the first node, if a second client associated with the first node is suitable for an exchange to the second node based on a distance between the second client and the second node being less than a distance between the second client and the first node;
responsive to determining the second client is suitable, sending, by the first node, a migration request to the second client; and
responsive to the second client connecting via a second registration request to the second node, accepting, by the first node, the first registration request, wherein the first client connects to the first node.

US Pat. No. 10,218,798

CREATING SEGMENTS FOR DIRECTED INFORMATION USING LOCATION INFORMATION

FOURSQUARE LABS, INC., N...

1. A system comprising:
a memory; and
at least one processor connected with the memory, configured to execute operations comprising:
sending, by a server device, directed content to a client computing device, wherein the directed content is unsolicited;
receiving passive information from the client computing device, wherein the passive information is received after the client computing device receives the directed content;
detecting, by the server device, that the client computing device is located at a predicted venue using the passive information;
when the directed content is associated with the predicted venue, determining, by the server device, whether the directed content has been displayed on the client computing device prior to receiving the passive information, wherein the determining is based on a message received from the client computing device when the directed information scrolls into view on a display of the client computing device;
in response to determining that the directed content associated with the predicted venue has been displayed on the client computing device prior to receiving the passive information, applying a statistical model to calculate a confidence score that the client computing device is located at the predicted venue; and
when the confidence score meets a predetermined threshold, storing a directed content conversion record in a data store.

US Pat. No. 10,218,797

COMMUNICATING ROUTING MESSAGES USING SERVICE DISCOVERY IN NEIGHBOR AWARENESS NETWORKS

Intel IP Corporation, Sa...

1. A device, the device comprising a memory and processing circuitry configured to:
assign a Neighbor Awareness Network (NAN) service name to a routing protocol;
determine a NAN service discovery frame comprising a routing protocol message of the routing protocol, wherein the routing protocol message includes information for constructing or maintaining a routing table for a mesh network; and
cause to send the NAN service discovery frame to a second device during a discovery window, wherein the NAN service discovery frame comprises an indication to initiate an advertisement or a solicitation.

US Pat. No. 10,218,796

COMMUNICATION APPARATUS AND CONTROL METHOD FOR SERVICE DISCOVERY PROCESSING

Canon Kabushiki Kaisha, ...

1. A communication apparatus capable of communicating with another apparatus via a network, the communication apparatus comprising:
at least one processor; and
a predetermined communication interface,
wherein the at least one processor is configured to function as following units:
a receiving unit configured to receive at least one piece of external apparatus information sent from at least one external apparatus via the predetermined communication interface, the received at least one piece of external apparatus information including service identification information that identifies at least one service able to be provided by the at least one external apparatus;
a display control unit configured to perform control so as to display, using a web browser, at least one piece of the service identification information from the received at least one piece of external apparatus information that identifies the at least one service provided by the at least one external apparatus;
a control unit configured to, out of the at least one piece of service identification information displayed by using the web browser, receive a selection of any piece of the displayed at least one piece of the service identification information to designate the any piece of the displayed at least one piece of the service information as selected identification information; and
a communication control unit configured to establish communication, via the predetermined communication interface, with an external apparatus corresponding to the selected identification information;
wherein the receiving unit is capable of receiving the at least one piece of external apparatus information sent from the at least one external apparatus even if the at least one external apparatus does not belong to a same network as the communication apparatus, and
wherein in a case where the selected identification information indicates that the external apparatus corresponding to the selected identification information does not belong to the same network as the communication apparatus, the communication control unit performs control to cause the communication apparatus to belong to the same network as the external apparatus corresponding to the selected identification information and establish a communication with the external apparatus corresponding to the selected identification information.

US Pat. No. 10,218,795

REMOTE SENSUAL PROTOCOL/PLATFORM

1. A remote sensual server-device to connect a first entity to a second entity for a sexual activity by a plurality of connected-devices, comprising:
a) a detecting and pairing unit implemented by one or more processors to detect and pair said plurality of connected-devices with said remote sensual server-device;
b) identifying a device-communication protocol for each of the plurality of connected-devices;
c) a monitoring unit having monitoring-communication protocol implemented by one or more processors to monitor a bio-feedbacks of said first entity and said second entity from a plurality of monitoring means during said sexual activity;
d) a storing unit implemented by one or more processors to store said bio-feedbacks;
e) an analyzing unit implemented by one or more processors to analyze said bio-feedbacks;
f) an optimizing unit implemented by one or more processors to optimize said bio-feedbacks;
g) a translating unit implemented by one or more processors to translate said device-communication protocol and said monitoring-communication protocol into a generic protocol which functions said connected-devices;
h) a communicating unit implemented by one or more processors to communicate between said entities;
i) a commanding unit implemented by one or more processors to command said connected-devices;
j) a controlling and adjusting unit implemented by one or more processors to control and adjust operation of said connected-devices during said sexual activity, and
whereby said remote sensual server-device enables said entity to focus on pleasure which happens in the right side of the brain instead of logical thinking which happens in the left side of the brain to interfere with the pleasure.

US Pat. No. 10,218,794

SYSTEM AND METHOD FOR DECISION-MAKING BASED ON SOURCE ADDRESSES

1. A system comprising a first actor node, the first actor node comprising:
a memory configured to store i) a first source address of a first sensor node and ii) a second source address of a second sensor node, as configuration information for acting on the first and second source addresses when detected in data packets;
a receiver configured to monitor a plurality of wirelessly-transmitted data packets for the first and second source addresses, wherein the transmitted packets originate at a plurality of sensor nodes that comprises the first and second sensor nodes; and
a processor configured to generate a signal in response a detection of both i) a first packet having the first source address and ii) a second packet having the second source address, the signal being based on i) a first event whose occurrence is indicated by the first sensor node and ii) a second event whose occurrence is indicated by the second sensor node, wherein the processor is configured to generate the signal without either of the first and second packets addressing the first actor node.

US Pat. No. 10,218,793

SYSTEM AND METHOD FOR RENDERING VIEWS OF A VIRTUAL SPACE

Disney Enterprises, Inc.,...

1. A system configured to render views of a virtual space, the system comprising:
one or more physical processors configured by machine-readable instructions to:
execute an instance of a virtual space, and implement the instance of the virtual space to determine views of the virtual space, the virtual space including virtual space content, the virtual space content comprising topography and virtual objects, the implementation of the instance of the virtual space facilitating user participation in the virtual space, the user participation including controlling one or more available virtual objects to interact with the virtual space and one or more other virtual objects present in the virtual space, the control being exercised through user input via individual computing platforms associated with individual users;
determine views of the virtual space by associating virtual space content with discrete layers that define the views of the virtual space, individual layers corresponding to different depths of simulated depth-of-field within the views, the layers comprising a first layer corresponding to a first simulated depth-of-field, a second layer corresponding to a second simulated depth-of-field, and a third layer corresponding to a third simulated depth-of-field; and
effectuate presentation of views of the virtual space at computing platforms associated with individual users, wherein effectuating presentation of views of the virtual space at a first computing platform comprises:
rendering views of virtual space content associated with the first layer in real time based on user input by generating information defining the views of the virtual space content associated with the first layer, wherein the virtual space content associated with the first layer comprises one or more user-controlled virtual objects and a set of one or more non-user controlled objects present in the first layer, wherein rendering views of the virtual space content associated with the first layer in real time based on user input comprises rendering such views to reflect interaction between the one or more user-controlled virtual objects and the individual non-user controlled objects included in the set of one or more non-user controlled objects present in the first layer in accordance with user input controlling the one or more user-controlled virtual objects;
obtaining, for the second layer, one or more pre-rendered views of virtual space content associated with the second layer, the one or more pre-rendered views of the virtual space content associated with the second layer being obtained by obtaining pre-existing information defining the views of the virtual space content associated with the second layer;
obtaining, for the third layer, one or more pre-rendered views of virtual space content associated with the third layer, the one or more pre-rendered views of the virtual space content associated with the third layer being obtained by obtaining pre-existing information defining the views of the virtual space content associated with the third layer; and
compositing the second layer and third layer into a composited layer.

US Pat. No. 10,218,792

METHOD, APPARATUS, COMPUTER PROGRAM AND COMPUTER PROGRAM PRODUCT FOR TRANSMITTING DATA FOR USE IN A VEHICLE

Bayerische Motoren Werke ...

1. A method for transmitting data for use in a vehicle, the method comprising:
receiving a request from an occupant of the vehicle, wherein the request is for desired data to be transmitted and reproduced from a first source by way of a mobile radio connection between the vehicle and the first source;
determining, based on the request, whether the desired data may be transmitted and reproduced from a second source independently of the mobile radio connection;
if it is determined that the desired data may be transmitted and reproduced from the second source independently of the mobile radio connection, receiving the desired data in the vehicle from the second source; and
reproducing the desired data to the occupant in response to the request.

US Pat. No. 10,218,791

SYSTEMS AND METHODS FOR NETWORKED SENSOR NODES

General Electric Company,...

1. A sensor assembly comprising:
an impedance sensor element;
a communications module configured to communicate with a remote computing device;
an impedance sensor reader coupled to said impedance sensor element and comprising:
a synthesizer configured to output an excitation signal having known signal characteristics over a range of frequencies, said synthesizer configured to generate the excitation signal based on a plurality of direct digital synthesizer (DDS) coefficients received from the remote computing device through said communications module; and
a detector coupled to said impedance sensor element and configured to detect a response of said impedance sensor element to the excitation signal and determine an impedance of said impedance sensor element;
a power harvesting and management unit to allow for stand-alone operation of said sensor assembly; and
a reset control module configured to reset said impedance sensor element to an initial impedance and release adsorbed gases from said impedance sensor element, wherein resetting said impedance sensor element is based on the impedance of said impedance sensor element exceeding a threshold value.

US Pat. No. 10,218,790

PROVIDING ACCESS TO A RESOURCE FOR A COMPUTER FROM WITHIN A RESTRICTED NETWORK

INTERNATIONAL BUSINESS MA...

1. A computer program product for providing access to one or more resources on a storage computer for a client computer, the computer program product comprising:
a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions readable by a processing circuit to cause the processing circuit to perform a method comprising:
receiving a description of needed resources at the storage computer;
determining, by the storage computer, whether the storage computer has one or more resources matching the description of the needed resources;
initiating, by the storage computer, a network connection between the client computer and the storage computer;
providing access to one or more resources matching the description of the needed resources to the client computer via the network connection between the client computer and the storage computer, and
maintaining the network connection between the client computer and the storage computer, by sending data packets between the client computer and the storage computer on a regular basis via the network connection,
wherein the storage computer is operable for initiation of a network connection between the client computer and the storage computer, wherein a first initiation of the network connection between the client computer and the storage computer by the storage computer is enabled and a second initiation of the network connection between the client computer and the storage computer by the client computer is disabled.

US Pat. No. 10,218,789

ERASURE CORRECTING CODING USING TEMPORARY ERASURE DATA

Western Digital Technolog...

10. A method comprising:
generating, with a controller of a data storage device, first erasure recovery data at least partially based on first data to be written to a non-volatile memory of the data storage device;
generating, with the controller, temporary erasure recovery data at least partially based on the first data;
controlling, with the controller, a volatile memory to store the temporary erasure recovery data;
writing, with the controller, the first data and the first erasure recovery data to the non-volatile memory; and
after verifying that the first data is stored in the non-volatile memory, discarding or modifying, with the controller, the temporary erasure recovery data.

US Pat. No. 10,218,788

HIGH SPEED COMMUNICATION PROTOCOL

SAP SE, Walldorf (DE)

1. A computer-implemented method comprising:
determining, by a computer of a sending system, that data is available for serialization using an inlining transfer process;
retrieving a data block of the data from a memory of the sending system, wherein the memory of the sending system is different from a memory of a receiving system;
retrieving metadata corresponding to the data block, the metadata identifying a memory layout of a receiving system corresponding to the inlining transfer process;
writing a first portion of the data block to a transport layer, the first portion of the data block starting from a beginning of the data block and ending at a position in the data block, the position corresponding to a found pointer value in the data block;
determining, based on the found pointer value, that a pointer was found in the data block; and
recursively restarting the method using data referenced in the memory of the sending system by the found pointer value as available data, without writing the found pointer value to the transport layer.

US Pat. No. 10,218,787

DIGITAL DATA EXCHANGE ARCHITECTURE USABLE IN AVIONIC APPLIATIONS

THALES, Courbevoie (FR)

1. An architecture for digital data exchange usable in avionic applications comprising:
a switched avionic communication network configured to transmit digital data and having at least one communication plane;
a plurality of subscriber electronic equipment to one or several communication planes of the communication network and configured to transmit and/or receive digital data via the communication network; and
one or several switches of digital data per communication plane, each switch comprising:
a digital data switching unit in the communication network;
a digital data computer processor;
local interaction unit connecting the switching unit and the digital data computer processor;
the computer processor being configured to transmit and receive digital data via the local interaction unit, wherein the computer processor of each switch of each communication plane includes modules forming a time reference server, the time reference server associating a time reference with the corresponding switch and configured for:
generating a local current time reference;
transmitting this local current time reference generated on the corresponding communication plane via a frame;
measuring the local transmission time aging of this local current time reference for generating at least one piece of local transmission aging information relative to this time reference;
transmitting this local transmission aging information generated on the corresponding communication plane via a frame;
receiving via one or several frames the current time references generated by at least some of the switches of the corresponding communication plane;
measuring the local receiving time aging of each of the current time references in order to generate at least one piece of local receiving aging information relative to this time reference;
measuring a local crossing time aging of the switching unit of the current time references in order to generate at least one piece of local crossing aging information relative to this time reference;
transmitting the local crossing aging information generated on the corresponding communication plane via one or several frames;
receiving via one or several frames transmission and crossing aging information transmitted by at least some of the other switches of the corresponding communication plane;
analyzing the received current time references, the local receiving aging information, the received transmission and crossing aging information corresponding to these time references for generating a next local time reference according to a predetermined law for generating a local time reference; and
associating the next local time reference with the local current time reference.

US Pat. No. 10,218,786

WEB CONTENT COMMUNICATION

NOKIA CORPORATION, Sunny...

1. A method comprising:
classifying, by a server and in response to a request for web content from a user equipment, content items for the requested web content according to their importance and into at least two sets comprising a first set of content items and a second set of content items, the first set of content items having a first importance level for the user equipment that is different from a second importance level for the second set of content items, wherein the first importance level and the second importance level are indicated in a profile of the user equipment maintained by a cloud entity;
transmitting, by the server and based on a first protocol, the first set of content items to the user equipment; and
transmitting, by the server and based on a second protocol, the second set of content items to the user equipment, the second set of content items associated with an identifier to enable the user equipment to combine the first set of content items with the second set of content items, the first protocol having a different transportation characteristic from the second protocol.

US Pat. No. 10,218,785

OPPORTUNISTIC SYNC BLOCK TRANSMISSION FOR MM WAVE NR-SS

QUALCOMM Incorporated, S...

1. A method of wireless communication in a wireless network, comprising:
scheduling, at a base station, a data burst for transmission to a user equipment (UE) on a target directional beam of a plurality of directional beams available to the base station, wherein the target directional beam is beamformed according to a direction of the UE;
generating an opportunistic synchronization block including network access information usable by a non-served UE to access the wireless network; and
transmitting the data burst to the UE, wherein the opportunistic synchronization block is embedded in the data burst.

US Pat. No. 10,218,784

IDENTIFYING GROUPS FOR A SOCIAL NETWORKING SYSTEM USER BASED ON GROUP CHARACTERISTICS AND LIKELIHOOD OF USER INTERACTION

Facebook, Inc., Menlo Pa...

1. A method comprising:
obtaining interactions performed by a user in association with one or more group maintained by an online system;
identifying one or more characteristics of the one or more groups associated with the obtained interactions;
identifying a plurality of candidate groups based on the one or more characteristics;
determining, for the user, a score for each of the plurality of identified candidate groups based on the obtained interactions with the one or more groups;
selecting a subset of the plurality of identified candidate groups based at least on the determined score, wherein selecting the subset of the plurality of identified candidate groups based at least in part on the determined score comprises:
ranking the plurality of candidate groups based on the determined scores; and
penalizing a ranking of at least one candidate group based on a higher ranked candidate group being included in a set that also included the at least one candidate group; and
providing information identifying the selected subset of identified candidate groups for display on a computing device associated with the user.

US Pat. No. 10,218,783

MEDIA SHARING TECHNIQUES

INTEL CORPORATION, Santa...

1. An apparatus, comprising:
a processor element; and
a memory coupled to the processor element, the memory comprising:
a classification module executable by the processor element, the classification module to assign a media item to a content category;
a correlation module executable by the processor element, the correlation module to determine context information for the media item;
an aggregation module executable by the processor element, the aggregation module to:
determine at least one contact comprising an entity and a plurality of manners of communication with the entity, and
generate a plurality of path-specific contacts for the at least one contact, the plurality of path-specific contacts comprising a single path-specific contact for each of the plurality of manners of communication with the entity, the single path specific contact comprising the entity and a single manner of communication of the plurality of manners of communication with the entity; and
an estimation module executable by the processor element, the estimation module to:
determine a set of relevance values comprising a single relevance value for each single path-specific contact based at least in part on a sharing history, the sharing history to indicate at least one previously performed sharing operation, each of the set of relevance values indicating a level of relevance of the media item to the single path specific contact, and
generate at least one suggested recipient for the media item, the at least one suggested recipient indicating the single path-specific contact having a highest relevance value.

US Pat. No. 10,218,782

ROUTING OF COMMUNICATIONS TO ONE OR MORE PROCESSORS PERFORMING ONE OR MORE SERVICES ACCORDING TO A LOAD BALANCING FUNCTION

SONICWALL INC., Milpitas...

1. A method for reconfiguring policy enforcement appliances in a computer network, the method comprising:
configuring a topology of a cluster of appliances in the computer network, wherein a management console server assigns the cluster of appliances to enforce one or more policy rules;
providing the policy rules from the management console server to a first appliance of the cluster, wherein the first appliance is assigned responsibility for replicating the policy rules within the cluster and sends the policy rules to at least a second appliance in the cluster;
detecting that one of the appliances in the cluster has failed;
modifying the topology of remaining appliances in the cluster in response to detecting the failed appliance, wherein the cluster of remaining appliances continues to enforce the policy rules in accordance with the modified topology;
receiving a first communication related to an Internet Protocol (IP) Address;
identifying that the first communication includes a virtual private network protocol (VPN) frame;
sending the first communication to a first platform service based on the identification of the VPN frame;
receiving a reply relating to the first communication from the first platform service;
receiving a second communication relating to the IP address;
identifying that the second communication includes a secure socket layer (SSL) HELO message;
sending the second communication to a second platform service based on identifying that the second communication includes the SSL HELO message; and
receiving a reply relating to the second communication from the second platform service.

US Pat. No. 10,218,781

CONTROLLING LATENCY IN MULTI-LAYER FOG NETWORKS

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, at an intermediate node of a multi-stage process path through a computer network, a workload message with an associated latency budget to complete the multi-stage process at a final stage device;
determining, by the intermediate node, a current latency from an initial stage device for the workload message to the receiving of the workload message;
determining, by the intermediate node, a remaining portion of the latency budget based on the current latency;
performing, by the intermediate node in response to the remaining portion of the latency budget being less than expected at the intermediate node, one or more latency-reducing actions; and
transmitting, from the intermediate node, the workload message toward the final stage device.

US Pat. No. 10,218,780

CLOUD BASED PEER ASSISTED UPDATES IN A DEVICE MANAGEMENT ENVIRONMENT

Wyse Technology L.L.C., ...

1. A method implemented by a cloud based management server in a device management environment for performing peer assisted update deployment, the method comprising:
sending, to a first managed device of a group of managed devices, a first update command that specifies a source for obtaining an update that is to be deployed on each managed device in the group to cause each managed device in the group to be updated;
receiving, from the first managed device, a notification that the first managed device has obtained the update; and
sending, to each of at least one other managed device in the group, an additional update command that specifies the first managed device as a source for obtaining the update such that the update that is to be deployed on each managed device in the group is sent to the first managed device to enable the first managed device to be updated and then the first managed device functions as the source for the at least one other managed device in the group to obtain the update.

US Pat. No. 10,218,779

MACHINE LEVEL RESOURCE DISTRIBUTION

Google LLC, Mountain Vie...

1. A method implemented in a data processing apparatus, comprising:
receiving a request for services to be implemented on one or more server computers within a set of two or more server computers within a data center, wherein each server computer includes a plurality of processing cores;
querying each server computer in the set of two or more server computers for wear data for each processing core of each server computer;
for each server computer in the set of two or more server computers, receiving the wear data describing, for each processing core of the server computer, a wear level for the processing core that is indicative of accumulated wear that has accumulated from an originating time in service of the processing core; and
moderating accumulation of wear in the plurality of processing cores, to which services are to be assigned, in a first server computer and a second server computer, the moderating comprising:
determining, based on the wear level of the processing cores from the first server computer and the second server computer, that the services are to be implemented in one or more of the processing cores of the first server computer and one or more of the processing cores of the second server computer; and
assigning the services to be implemented in the one or more of the processing cores of the first server computer and the one or more of the processing cores of the second server computer.

US Pat. No. 10,218,778

PROVIDING A NATIVE DESKTOP USING CLOUD-SYNCHRONIZED DATA

Citrix Systems, Inc., Fo...

1. A virtualization server, comprising:
at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the virtualization server to:
provide, using a hypervisor configured to create and manage one or more virtual machines, a remote virtual desktop to a client device; and
selectively store, using a desktop management service, on a cloud-based storage platform, remote desktop data comprising one or more files maintained on the remote virtual desktop provided to the client device,
wherein the remote desktop data stored on the cloud-based storage platform is configured to be synchronized with and locally cached on the client device via the cloud-based storage platform when a connection between the client device and the cloud-based storage platform is available,
wherein at least one remote file included in the remote desktop data stored on the cloud-based storage platform is configured to be opened in a native desktop presented by the client device when a native editor for the at least one remote file is available on the native desktop presented by the client device,
wherein the desktop management service comprises a data mining agent, a synchronization agent, and a management agent, and
wherein the data mining agent is configured to extract information from one or more virtual desktops provided by the hypervisor, determine whether the information extracted from the one or more virtual desktops provided by the hypervisor should be stored for synchronization with the cloud-based storage platform, and store selected portions of the information extracted from the one or more virtual desktops provided by the hypervisor based on determining that the selected portions of the information extracted from the one or more virtual desktops provided by the hypervisor should be stored for synchronization with the cloud-based storage platform.

US Pat. No. 10,218,777

SYSTEM, METHOD AND APPARATUS FOR AD-HOC UTILIZATION OF AVAILABLE RESOURCES ACROSS MOBILE DEVICES

International Business Ma...

1. A method for collaboratively executing a task using first to N-th mobile devices wirelessly connected in a mobile ad-hoc network, wherein the first mobile device has the task to be executed and N is an integer greater than one, comprising:
receiving, by a server device, resource information of the second to N-th mobile devices;
determining, by the server device, collaborative mobile devices out of the second to N-th mobile devices based on the received resource information of the second to N-th mobile devices;
providing, by the server device, identifications of the determined collaborative mobile devices with the first mobile device;
dividing, by the first mobile device, the task into first to M-th sub tasks, wherein M is an integer greater than one;
assigning, by the first mobile device, each of the first to M-th sub tasks to at least one of the collaborative mobile devices, wherein a first sub task is assigned to a wirelessly connected first collaborative mobile device for execution;
requesting, by the first mobile device, executions of the first to M-th sub tasks at the collaborative mobile devices;
receiving, by the first mobile device, execution results of the first to M-th sub tasks from the collaborative mobile devices;
detecting, by the first mobile device, a disconnection between the first mobile device and the first collaborative mobile device of the collaborative mobile devices before an execution result on the first sub task is not received; and
requesting, by the first mobile device, an execution of the first sub task to at least one of the collaborative mobile devices other than the first collaborative mobile device in response to detecting the disconnection.

US Pat. No. 10,218,774

DISTRIBUTED FILE TRANSFER WITH HIGH PERFORMANCE

International Business Ma...

1. A computer system comprising:
one or more computer processors;
one or more computer readable storage media;
program instructions stored on the computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising:
program instructions to create, on a first Trivial File Transfer Protocol (TFTP) server, a global cache, wherein the global cache stores up to a first portion of a data file, wherein the data file is divided into a plurality of portions, including the first portion, and wherein the plurality of portions are stored among a plurality of TFTP servers, including a second portion of the data file that is stored on a second TFTP server;
program instructions to store, on the first TFTP server, in the global cache, one or more continuous data blocks that have exceeded a defined first request rate threshold, wherein the one or more continuous data blocks make up a subset of the data blocks of the first portion of the data file, and wherein the program instructions to store, in the global cache, the one or more continuous data blocks that have exceeded the defined first request rate threshold comprise:
program instructions to monitor, on the first TFTP server, a request rate for a particular data block,
program instructions to determine, on the first TFTP server, if the request rate for the particular data block exceeds the defined first request rate threshold, wherein the defined first request rate threshold is a configurable limit that defines when data blocks are to be added to the global cache, and wherein the defined first request rate is adapted to optimize a transfer rate and reduce reads from one or more hard drives, and
program instructions to add, on the first TFTP server, the particular data block to the global cache based on the determining;
program instructions to predict, on the first TFTP server, a next data block in the data file to be stored in the global cache, wherein the program instructions to predict the next data block comprise:
program instructions to, upon adding a particular data block to the global cache, monitor, on the first TFTP server, the request rate of the next data block, wherein the next data block is the next logical block of the data blocks of the first portion of the data file following the one or more continuous data blocks stored in the global cache, and
program instructions to, upon monitoring the request rate of the next data block, predict, on the first TFTP server, when requests for the next data block will be likely to exceed the defined first request rate threshold;
program instructions to, in response to predicting the next data block, store, on the first TFTP server, the next data block in the global cache;
program instructions to store, on the first TFTP server, multiple copies of the data blocks of the first portion of the data file on a plurality of TFTP servers to enable a high availability for reading one or more blocks in the global cache;
program instructions to monitor, on the first TFTP server, the one or more continuous data blocks in the global cache to determine if the request rate for an end data block of the one or more continuous data blocks has fallen below a defined second request rate threshold, wherein the defined second request rate threshold is a configurable limit that defines when the one or more continuous data blocks in the global cache can be removed from the global cache; and
program instructions to, in response to determining that the end data block of the one or more continuous data blocks has fallen below the defined second request rate threshold, remove, on the first TFTP server, the end data block from the one or more continuous data blocks stored in the global cache.

US Pat. No. 10,218,773

SCREEN RECORDING OF ACTIONS THAT INITIATED A FILE DOWNLOAD

International Business Ma...

1. A method implemented by at least one hardware processor for capturing a context of a file download or modification, the method comprising:
designating, in memory associated with at least one hardware processor, a file storage location for monitoring;
capturing a continuous stream of display data, the display data comprising data that is configured for presentation on a display;
monitoring the designated file storage location for a download of a new data file to the file storage location or a modification of an existing data file stored in the file storage location;
determining that a download of a new data file or modification of an existing data file has been initiated;
storing the new data file or the modification to the existing data file in the file storage location;
storing the captured display data as file display data; and
creating a correspondence between the file display data and the stored new data file or modified existing data file.

US Pat. No. 10,218,770

METHOD AND SYSTEM FOR SHARING SPEECH RECOGNITION PROGRAM PROFILES FOR AN APPLICATION

Google LLC, Mountain Vie...

1. A method of sharing one or more speech recognition program profiles for applications, the method comprising:
receiving, at a sharing interface, a speech recognition program profile for an application from a first computing device, wherein the speech recognition program profile for the application further comprises a grammar that is indicative of one or more speech commands executable by the application, one or more application actions associated with speech commands, and identification data indicating an application for which the grammar of the speech recognition program profile is executable;
receiving, from a requesting speech recognition software in a second computing device, a request for information describing one or more speech recognition program profiles for one or more applications;
providing from the sharing interface to the requesting speech recognition software in the second computing device information describing one or more speech recognition program profiles that are accessible via the sharing interface;
based on the information describing the one or more speech recognition program profiles, receiving a selection of one or more of the speech recognition program profiles that are accessible via the sharing interface for download into the requesting speech recognition software in the second computing device; and
providing, from the sharing interface to the requesting speech recognition software in the second computing device, the selected one or more speech recognition program profiles.

US Pat. No. 10,218,769

MONITORING DIGITAL IMAGES ON MOBILE DEVICES

Conrad Management Corpora...

1. A method for monitoring digital images on mobile devices comprising:
receiving a designation of a target device and monitoring settings for the target device via a monitoring application on a monitoring device;
sending the monitoring settings to a target application on the target device;
receiving from the target application target device information based on the monitoring settings, the target device information comprising digital image information; and
sending the target device information to the monitoring device, wherein the digital image information comprises representations of digital images on the target device and the representations are organized by image types, wherein the image types comprise an image type depicting nudity and an image type that corresponds to a facial recognition setting.

US Pat. No. 10,218,768

PASSIVE OUTDIAL SUPPORT FOR MOBILE DEVICES VIA WAP PUSH OF AN MVSS URL

West Corporation, Omaha,...

1. A Mobile Voice Self Service (MVSS) system, comprising:
an MVSS mobile device comprising a bootstrap application and an outdial application, the MVSS mobile device configured to:
receive a WAP Push message comprising a URL linking to an MVSS file;
responsive to receiving the WAP Push message, use the URL to link to the MVSS file, and use the MVSS file to launch the bootstrap application; and
load the outdial application using the bootstrap application, wherein
the MVSS file is configured to launch the bootstrap application to load the outdial application, and
a client system comprising an application server configured to deliver an MVSS configuration file to the MVSS mobile device, wherein
the MVSS configuration file is an XML-based configuration file comprising configuration settings of the Media Resource Gateway, a Call Data Manager, and a URL of an intended VoiceXML target.

US Pat. No. 10,218,767

METHOD, SYSTEM AND BROWSER FOR EXECUTING ACTIVE OBJECT OF BROWSER

Beijing Qihoo Technology ...

1. A method for executing an active object of a browser, the active object being an object corresponding to an ActiveX plug-in, the method comprising:
before the active object is created, intercepting, by at least one processor, a webpage process to query for a safety interface of a pre-created active object corresponding to the active object, and returning information indicating the ActiveX plug-in is a safe plug-in;
intercepting, by the at least one processor, a procedure of the webpage process creating the active object, and creating a proxy object to replace the active object, with the proxy object running in the webpage process;
when the webpage process activates the proxy object, creating, by the at least one processor, the active object in an independent process independent from the webpage process, with the active object running in the independent process;
creating, by the at least one processor, a communication window for each of the active object and the proxy object; and
the active object and the proxy object communicating, by the at least one processor, via the communication windows, and the proxy object invoking the active object and/or the active object invoking the proxy object.

US Pat. No. 10,218,766

METHOD OF SERVICE CAPABILITY NOTIFICATION

Futurewei Technologies, I...

1. A method of service capability notification, comprising:
receiving, from an application server of a target client, a service capability of a representational state transfer (REST) client provided to the application server of the target client at about a same time as a request for a service capability of the target client from the REST client, the service capability of the target client indicating whether or not the target client is RESTful, the application server being a Web Real-Time Communications (WebRTC) user network interface (UNI) server and the REST client being associated with a first Internet Protocol (IP) multimedia system (IMS) network; and
sending, to the target client, the service capability of the REST client, the target client being associated with a second IP IMS network different from the first IP IMS network.

US Pat. No. 10,218,765

CONTENT-INDEPENDENT EVALUATION OF STREAMING MEDIA BASED ON PACKET TRANSMISSION PERFORMANCE

Cisco Technology, Inc., ...

1. A method, comprising:
assigning, by a device in a network, packets of a communication transmitted via the network to a plurality of time windows over a period of time;
determining, by the device, a transmission performance metric for each of the packets in a particular time window;
calculating, by the device and for each of the time windows, local disturbance scores based on the transmission performance metrics for the packets in the time windows, wherein a particular local disturbance score for a particular time window maps the transmission performance metrics for the packets in the time window to a perceived quality metric;
determining, by the device, a distortion score for the communication by aggregating the local disturbance scores for the plurality of time windows over the period of time, wherein the distortion score is content-independent and is determined after traffic error correction; and
adjusting, by the device, the transmission of the communication based on the distortion score for the communication.

US Pat. No. 10,218,763

METHOD AND SYSTEM FOR LOW DATA RATE TRANSMISSION

HUAWEI TECHNOLOGIES CO., ...

1. A method for transmitting data comprising:
encoding binary data to a sparse modulated data sequence, the sparse modulated data sequence exhibiting a sparsity over a plurality of frequency subcarriers of a transmission resource block, such that only one of the plurality of frequency subcarriers is a non-zero subcarrier that carries the binary data, the one non-zero subcarrier being selected from the plurality of frequency subcarriers based on the binary data;
performing pulse shaping on the sparse modulated data sequence to create a spectrally localized signal having a bandwidth less than a bandwidth of the transmission resource block; and
transmitting the spectrally localized signal over the plurality of frequency subcarriers.

US Pat. No. 10,218,762

SYSTEM AND METHOD FOR PROVIDING A REAL-TIME THREE-DIMENSIONAL DIGITAL IMPACT VIRTUAL AUDIENCE

1. A method for providing a real-time three-dimensional digital impact virtual audience, said method comprising:
processing video associated with a live event to produce a corresponding data stream;
compositing said corresponding data stream with at least one sequence of predictability data stream to create a digital framework;
processing said digital framework into at least one full-form representation of at least one object depicted in said video in real-time by mapping and predicting how a first frame in said video would change when a second frame is captured if action contained within said first frame were permitted to continue; and
transmitting said at least one full-form representation to one or more remote audience devices associated with one or more virtual audience members in real-time, wherein the one or more virtual audience members are viewing the same live event using their respective remote audience devices.

US Pat. No. 10,218,761

METHOD AND DEVICE FOR ADJUSTING BIT RATE IN VIDEO CALLING BASED ON VOICE OVER LONG-TERM EVOLUTION AND VIDEO OVER LONG-TERM EVOLUTION, AND MOBILE TERMINAL

Spreadtrum Communications...

1. A method for adjusting bit rate in video calling based on Voice over Long-Term Evolution and Video over Long-Term Evolution (VoLTE), wherein the method is applied to a data receiver which is adapted to transmit Temporary Maximum Media Stream Bit Rate Request (TMMBR) packets, and comprises:
determining whether the data receiver transmits a TMMBR packet for the first time, or whether the data receiver has received a Temporary Maximum Media Stream Bit Rate Notification (TMMBN) packet from a data transmitter, or whether the number of times a same TMMBR packet has been retransmitted exceeds a predetermined time;
if the data receiver transmits the TMMBR packet for the first time or has received the TMMBN packet from the data transmitter, or the number of times the same TMMBR packet has been retransmitted exceeds the predetermined time, estimating a downlink reception bit rate and calculating a downlink packet loss rate of Real-time Transport Protocol (RTP) packet;
calculating a transmission bit rate of the data transmitter which is requested by the data receiver based on the estimated downlink reception bit rate and the calculated downlink packet loss rate of RTP packet; and
transmitting the TMMBR packet to the data transmitter based on the transmission bit rate of the data transmitter which is requested by the data receiver,
wherein estimating a downlink reception bit rate comprises:
when $t_{cur} \geq t_{start} + t_{period}$, updating an average bit rate $b_{prev}$ in a last statistic period based on Equation (1),
$b_{prev} = (s_{total} - s_{prev}) \times 8 / (t_{cur} - t_{start}),\ t_{start} > 0$  (1),
where $s_{total}$ is an accumulation value of effective load length of a current RTP packet, $s_{prev}$ is an accumulation value of effective load length of a RTP packet in the last period, $t_{cur}$ is a current time point, and $t_{start}$ is a time point when a first packet is received within the current period, $t_{period}$ is a time period, and after each statistic period ends, $t_{start}$ is reset and $s_{prev}$ is updated to be $s_{total}$; and
when $t_{cur} \in [t_{start}, t_{start} + t_{period})$, updating the downlink reception bit rate based on Equation (2),
$b_{est} = (1 - \alpha) \cdot b_{prev} + \alpha \cdot b_{cur}$  (2),
where $b_{est}$ is an estimation value of the downlink reception bit rate, $b_{prev}$ is an average bit rate in the last statistic period, and $b_{cur}$ is a current average bit rate, and $\alpha$ is a weight coefficient which depends upon Equation (3),

US Pat. No. 10,218,760

DYNAMIC SUMMARY GENERATION FOR REAL-TIME SWITCHABLE VIDEOS

JBF Interlude 2009 LTD, ...

1. A computer-implemented method comprising:
simultaneously receiving a plurality of video streams, wherein each of the video streams is synchronized to a common playback timeline;
presenting a first one of the video streams to a user between a first time in the playback timeline and a second, later time in the playback timeline;
receiving an instruction to switch to presentation of a second one of the video streams;
generating a video summary of the second video stream based on content in the second video stream occurring between the first time and the second time; and
presenting at least a portion of the video summary to the user prior to switching to the presentation of the second video stream, wherein the video summary is presented to the user between the second time and a third, later time in the playback timeline, and wherein the generating of the video summary is further based on content in the second video stream occurring between the second time and the third time, such that the video summary includes a summary of content in the second video stream that the user will miss during watching the video summary.

US Pat. No. 10,218,759

METHOD AND APPARATUS FOR TRANSCEIVING DATA PACKET FOR TRANSMITTING AND RECEIVING MULTIMEDIA DATA

Samsung Electronics Co., ...

1. A method for receiving a data packet by a receiving apparatus, the method comprising:
receiving, by the receiving apparatus, a data packet including a packet header and a packet payload,
wherein the packet payload includes a payload header and a fragment of a data unit or at least one complete data unit, and the payload header includes fragmentation information and a fragment indicator,
wherein the fragmentation information includes information about a number of at least one packet payload including at least one fragment of the data unit succeeding the packet payload,
wherein the fragment indicator includes one of a first value indicating that the packet payload includes a first fragment of the data unit, a second value indicating that the packet payload includes a fragment of the data unit that is neither the first fragment nor a last fragment of the data unit, and a third value indicating that the packet payload includes the last fragment of the data unit,
wherein the packet header including a packet identifier, a sequence number, and a timestamp,
wherein the packet identifier includes information to identify an asset related to the data packet,
wherein the sequence number includes information to identify at least one data packet that has the packet identifier, and
wherein the timestamp includes time information for the data packet.

US Pat. No. 10,218,758

SMART PRE-FETCHING FOR PEER ASSISTED ON-DEMAND MEDIA

Microsoft Technology Lice...

1. A computer-implemented process, comprising:
applying a computer to perform process actions for:
identifying relative times when each of two or more peers in a peer-to-peer (P2P) network requested streaming of a common media file;
directing streaming of media packets of the requested media file to each peer to enable streaming playback of the media file for each peer at different times corresponding to the relative request times from a combination of:
server transmission of streaming packets to one or more of the peers, and
allocation of a first portion of an available upload bandwidth capacity of each peer to transmit one or more received streaming media packets to one or more other peers that requested streaming of the common media file at a later relative request time; and
periodically directing one or more of the peers to allocate a second portion of its available upload bandwidth to transmit additional packets of the common media file to one or more of the peers that requested the common media file at later relative request times.

US Pat. No. 10,218,757

SYSTEM AND METHODS FOR DYNAMIC TRANSCODER RATE ADAPTION FOR ADAPTIVE BIT RATE STREAMING

Cisco Technology, Inc., ...

1. A method of operating a computing device with limited transcoding resources to represent a set of media streams with different bit rates in a network to provide a full spectrum of available adaptive bitrate for the media stream by the computing device, the method comprising:
producing, at a first computing device, a manifest file for a given media stream, the manifest file comprising a plurality of profiles for the given media stream that references two or more available bit rate variants of the given media stream that are available to be concurrently created by one or more transcoders of the first computing device, wherein each of the plurality of profiles includes i) a first available bit rate value of the given media stream and a URL associated with the given media stream and ii) a second available bit rate value of the given media stream and the URL associated with the given media stream, wherein the produced manifest file is provided to a client computing device;
in response to receiving a first request, for the given media stream, associated with one of the plurality of profiles, transcoding, at the first computing device, the given media stream at a first selected bit rate associated with the first request and at a second bit rate that is different from the first selected bit rate; and
in response to receiving a second request, for the given media stream, associated with a new selected bit rate from one of the plurality of profiles, transcoding, at the first computing device, the given media stream at the new selected bit rate associated with the second request and at another second bit rate that is different from the new selected bit rate.

US Pat. No. 10,218,756

STREAMLINED DELIVERY OF VIDEO CONTENT

Comcast Cable Communicati...

19. A system comprising:
a user device; and
a server device, wherein the server device comprises;
a buffer configured to store data;
one or more processors; and
memory storing instructions that, when executed by the one or more processors, cause the server device to:
receive, from the user device, a request for a content fragment;
determine that a first portion of the content fragment is stored locally in the server device;
transmit, to the user device, the first portion of the content fragment;
receive, from a second server device, a second portion of the content fragment, wherein the first portion of the content fragment and the second portion of the content fragment are different portions of the content fragment;
store a portion of the second portion of the content fragment in the buffer;
prior to the server device receiving an entirety of the second portion of the content fragment from the second server device, and based on determining that the buffer is full, transmit, to the user device and from the full buffer, the portion of the second portion of the content fragment;
determine whether an end of transmission indicator, of the second portion of the content fragment, has been received; and
based on determining that the end of transmission indicator has not been received, transmit, to the user device, at least one additional portion of the second portion of the content fragment; and
wherein the user device comprises:
one or more processors; and
memory storing instructions that, when executed by the one or more processors of the user device, cause the user device to:
send the request for the content fragment; and
receive the first portion of the content fragment, the portion of the second portion of the content fragment, and the at least one additional portion of the second portion of the content fragment.

US Pat. No. 10,218,755

EXTENDED SELECTION AND ALIGNMENT OF VIDEO SEGMENTS FOR ADAPTIVE STREAMING

Roku, Inc., Los Gatos, C...

1. An apparatus comprising:
at least one processor; and
a memory operatively coupled to the at least one processor, the processor configured to:
receive one or more variant segments for decoding and playback, the one or more variant segments including first and second variant segments having a first bitrate and a third variant segment having a second bitrate,
generate corresponding first, second, and third packetized elementary stream (PES) collections based on at least the first, second, and third variant segments,
store the generated first, second, and third PES collections in a processing buffer,
determine, based on at least a tolerance offset, a first out-of-tolerance splicing location and an associated first out-of-tolerance offset between the second PES collection and the third PES collection,
generate a corresponding fourth PES collection based on at least a received fourth variant segment having the second bitrate, and
determine, based on at least the tolerance offset, a second out-of-tolerance splicing location and an associated second out-of-tolerance offset between the second PES collection and the fourth PES collection.

US Pat. No. 10,218,753

VIDEO ACTIVATION BUTTON

GM GLOBAL TECHNOLOGY OPER...

1. A method of transmitting video data from a vehicle, comprising
receiving, via a vehicle processor, a video transmission command that has been generated in response to a user selection of a video transmission input device;
determining via the vehicle processor, whether a vehicle external security event is occurring, based on sensor data obtained from one or more vehicle security sensors;
recording video data during a duration of the vehicle external security event via one or more vehicle cameras, via instructions provided by the vehicle processor, based on the determining that the vehicle external security event has occurred;
labelling the video data as corresponding to the vehicle external security event, via the video processor; and
transmitting, via the vehicle processor, the video data captured by one or more vehicle cameras during the vehicle external security event, along with the labelling of the video data as corresponding to the vehicle external security event, via instructions provided by the video processor in response to the received video transmission command, wherein transmission of video data is at least partly over a telecommunications network to a remote server.

US Pat. No. 10,218,752

MARKUP LANGUAGE FOR INCORPORATING SOCIAL NETWORKING SYSTEM INFORMATION BY AN EXTERNAL WEBSITE

Facebook, Inc., Menlo Pa...

1. A computer implemented method comprising:
receiving, by a client device, a mark-up language document from a website external to a social networking system, the mark-up language document containing one or more custom tags provided by the social networking system for retrieving information associated with a user of the social networking system and for displaying the retrieved information associated with the user based on the mark-up language document;
processing, by the client device, the one or more custom tags contained in the mark-up language document using a custom tag library from the social networking system that provides program logic for each of the one or more custom tags;
responsive to processing the one or more custom tags, sending a request to the social networking system for the information associated with the user;
receiving the requested information associated with the user from the social networking system in response to the request for the information; and
generating a displayable web page based on the mark-up language document that displays the requested information received from the social networking system with content of the website.

US Pat. No. 10,218,751

SOCIAL SHARING SYSTEM

PAYPAL, INC., San Jose, ...

1. A system comprising:
a networked database storing sharing activity information and consumption information;
one or more processors and executable instructions accessible on a computer-readable medium that, in response to being executed by the one or more processors, cause the system to perform operations comprising:
generating a user interface for presentation on a user device, the user interface including perceptible user interface elements allowing a user to receive a recommendation;
accessing, from the networked database, sharing activity information related to a content item being shared on a social network by a first user;
accessing, from the networked database, consumption information related to consumption of the content item, the consumption information relating to consumption of the content item by a second user;
determining a correlation between the sharing activity information and the consumption information, the determined correlation indicating how the sharing of the content item by the first user relates to the consumption of the content item by the second user;
determining, based on the correlation, that the second user purchased the content item in response to the content item being shared by the first user;
identifying a relationship attribute defining a relationship between the first user and the second user;
identifying a third user based on the third user having the relationship attribute defining a relationship between the third user and the first user;
in response to the third user and the second user having the relationship attribute and in response to determining that the second user purchased the content item in response to the content item being shared by the first user, generating a recommendation of consumption of content for the third user based on the correlation between the sharing activity information and the consumption information and based on the third user meeting a recommendation criteria, the recommendation including the shared content item; and
transmitting instructions to cause display of the recommendation to the third user via the user interface.

US Pat. No. 10,218,750

COMMUNICATION OF IMAGING SYSTEM INFORMATION

KONINKLIJKE PHILIPS N.V.,...

1. A method for exposing imaging system events in connection with an event driven imaging system, comprising:
detecting an imaging system event occurred, wherein the imaging system event corresponds to an imaging examination being performed;
generating a signal indicative of the detected imaging system event; and
transmitting the signal over a computer network for reception by at least one non-controlling device communicating over the network.

US Pat. No. 10,218,749

SYSTEMS, METHODS, AND COMPUTER PROGRAMS FOR ESTABLISHING A SCREEN SHARE SESSION FOR A REMOTE VOICE CALL

American Teleconferencing...

1. A method for establishing a screen share session, the method comprising:
a mobile communication device initiating an outgoing voice-only call, via a communication service which is configured to provide the voice-only call without an accompanying online collaboration, between a calling party operating the mobile communication device and one or more called parties;
in response to initiating the voice-only call, the mobile communication device generating a message specifying the calling party and the one or more called parties;
transmitting the message to a collaboration server associated with a collaboration-only service provided by a service provider not affiliated with the communication service providing the voice-only call;
the collaboration server receiving the message;
the collaboration server determining that the calling party and the one or more called parties identified in the message received from the mobile communication device have an active collaboration presence with the collaboration server; and
the collaboration service initiating, during the voice-only call, a display of a screen share user interface control on a first computing device associated with the calling party and one or more second computing devices associated with the one or more called parties, the screen share user interface control configured to enable the calling party and the one or more called parties to establish a screen share session.

US Pat. No. 10,218,748

SYSTEMS AND METHODS FOR DYNAMIC BANDWIDTH ALLOCATION

INTOUCH TECHNOLOGIES, INC...

1. A method of monitoring network statistics in a videoconferencing session, comprising:
initiating a videoconferencing session between a first endpoint and a second endpoint via a network;
transmitting data between the first endpoint and the second endpoint;
collecting a first plurality of data samples, each of the plurality of data samples comprising a quantifiable metric representing one or more network conditions;
discarding data samples from the first plurality of data samples that exceed a first percentile of the data samples in a network statistics data set;
adding data samples from the first plurality of data samples to network statistics dataset;
analyzing the network statistics dataset to estimate an available bandwidth of the network;
identifying a network disturbance;
discarding data samples collected for a specified period of time following the network disturbance; and
adjusting the bandwidth used for the videoconferencing session based on the estimated available bandwidth.

US Pat. No. 10,218,747

LEVERAGING GEOGRAPHICALLY PROXIMATE DEVICES TO REDUCE NETWORK TRAFFIC GENERATED BY DIGITAL COLLABORATION

MICROSOFT TECHNOLOGY LICE...

1. A computer-implemented method for deploying geographically proximate client devices to facilitate digital collaboration sessions in a real-world environment, the computer-implemented method comprising:
receiving a session request that requests initiation of a digital collaboration session, wherein the session request defines a geofence for the digital collaboration session;
identifying a plurality of client devices to associate with the digital collaboration session based on location data indicating that individual client devices, of the plurality of client devices, are within the geofence;
causing the individual client devices to display a contribution graphical user interface (GUI) comprising a plurality of user interface (UI) elements that enable participants to generate contribution data that causes the individual client devices to emit a plurality of sounds during the digital collaboration session, wherein individual sounds of the plurality of sounds are emitted in substantially real-time responsive to generation of the contribution data;
recording at least some of the contribution data to enable playback of the plurality of sounds that are emitted during the digital collaboration session;
receiving, during the digital collaboration session, a segment selection that indicates an interest in at least a segment of the digital collaboration session; and
in response to the segment selection, generating enhanced session data that enables playback of an enhanced version of the segment of the digital collaboration session.

US Pat. No. 10,218,746

CALL TRANSFERRING METHOD AND DEVICE FOR MULTI-CHANNEL TERMINAL

SPREADTRUM COMMUNICATIONS...

1. A call transferring method for a multi-channel terminal, comprising:
a current subscriber receiving an incoming call request from a first remote subscriber and setting up a call with the first remote subscriber based on a first service channel; and
connecting the first service channel with a second service channel to forward service data of the first remote subscriber to a second remote subscriber and forward service data of the second remote subscriber to the first remote subscriber through the first and second service channels,
wherein the first and second service channels are set up based on a current subscriber identity card, and prior to receiving the incoming call request from the first remote subscriber, the current subscriber is in a call with a third remote subscriber using a third service channel which is set up based on the current subscriber identity card which identifies the current subscriber.

US Pat. No. 10,218,745

SMART HOME SYSTEM USING PORTABLE DEVICE

SAMSUNG ELECTRONICS CO., ...

1. A home appliance, which is a device, comprising:
a gateway;
at least one memory storing instructions; and
at least one processor that executes the instructions so that the home appliance:
connects to a home network,
while connected to the home network, communicates, through the home network, with another device that is connected to the home network and that includes a gateway, to determine whether the home appliance is to be a master device of the home appliance and the another device, based on device information of the home appliance and device information of the another device,
activate the gateway of the home appliance in response to it being determined that the home appliance is to be the master device, so that the gateway of the home appliance thereby connects the home network with an external communication network, and
while the gateway of the home appliance is activated and thereby connects the home network with the external communication network,
causes the activated gateway to be operable to receive a control command for the another device from the external communication network, and transfer the received control command through the home network to the another device.

US Pat. No. 10,218,744

USER DEVICE SELECTION

Verizon Patent and Licens...

1. A computer-implemented method comprising:
receiving, at a serving call session control function (S-CSCF) in a network and from a user device, a session initiation protocol (SIP) register message including a terminal identifier (ID) of the user device and a public user ID associated with a user of the user device;
sending, to a home subscriber server (HSS), a request for user authentication data, wherein the request includes the public user ID and the terminal ID;
authenticating the user device based on the user authentication data;
creating a registration context of the user device, wherein the registration context of the user device includes the terminal ID, the public user ID, a registration status of the user device, and an address of a proxy call session control function (P-CSCF) associated with the user device;
storing the registration context for the user device;
sending, to the HSS, a diameter server assignment request (SAR) message;
receiving, from the HSS, a diameter server assignment answer (SAA) message, wherein subsequent registrations from other user devices associated with the public user ID are to be directed to the S-CSCF;
sending a SIP 200 OK message to the user device;
storing, by the S-CSCF, the registration status of the user device based on a combination of the terminal ID and the public user ID, wherein the registration status includes an authentication scheme associated with the user device, and wherein storing the registration status includes:
storing the registration status and authentication scheme locally when the terminal ID is based on a device type of the user device, and
storing the registration status and authentication scheme at the HSS when the terminal ID is unique for the user; and
sending the SIP register message to an application server, wherein the SIP register message includes the terminal ID and the public user ID, and wherein the application server is to provide an incoming session to the user device based on the registration context of the user device.

US Pat. No. 10,218,743

SYSTEMS AND METHODS OF INTENT-BASED LAWFUL INTERCEPTION (LI) IN COMMUNICATION NETWORKS

Wipro Limited, Bangalore...

1. A method of intent based Lawful Interception (LI) in a communication network, the method comprising:
interpreting, by a network device, an LI intent of a Law Enforcement Agency (LEA) based on LI intent information provided by the LEA;
determining, by the network device, LI content required by the LEA and at least one LI trigger associated with the LI content based on an analysis of the LI intent information, wherein the determination of the at least one LI trigger is based on an identification of at least one trigger detection network node based on a network node lookup table;
monitoring, by the network device, ongoing communication session associated with an LI target user to detect matching of the at least one LI trigger;
processing, by the network device, duplicated LI content in response to matching of the at least one LI trigger, wherein the duplicated LI content captures at least a part of the LI content in the ongoing communication session of the LI target user;
inserting, by the network device, at least one marker tag in the duplicated LI content to generate marked LI content; and
sending, by the network device, the marked LI content and a notification comprising information associated with matching of the at least one LI trigger and the at least one marker tag to the LEA.

US Pat. No. 10,218,742

SYSTEM AND METHOD FOR PROVIDING NETWORK AND COMPUTER FIREWALL PROTECTION WITH DYNAMIC ADDRESS ISOLATION TO A DEVICE

CUPP Computing AS, Oslo ...

1. A security system comprising:
a communication interface configured to transmit an outgoing data packet with an external outgoing header to an external network and to receive an incoming data packet with an external incoming header from the external network, the external outgoing header including an external internet protocol (IP) address as a source address of the outgoing data packet, the external incoming header including the external IP address as a destination address of the incoming data packet;
an address translation engine configured to:
receive the outgoing data packet with an internal outgoing header from an internal device, the internal outgoing header identifying an internal IP address of the internal device as the source address of the outgoing data packet;
receive from the communication interface the incoming data packet with the external incoming header, the internal device including a particular application associated with the outgoing data packet and with the incoming data packet;
translate the internal IP address of the outgoing data packet to the external IP address and assist in forming the external outgoing header based on the external IP address;
translate the external IP address of the incoming data packet to the internal IP address and assist in forming an internal incoming header based on the internal IP address; and
store association of the internal IP address and the external IP address to assist with address translation; and
a hybrid firewall configured to:
receive a particular application identifier associated with the particular application from the internal outgoing header of the outgoing data packet;
select one of several application-level security evaluations based on the particular application identifier determined based on the incoming data packet;
perform a network-level security evaluation and the one of the several application-level security evaluations on the incoming data packet; and
allow the incoming data packet to pass to the particular application if the network-level security evaluation and the one of the several application-level security evaluations do not identify malicious code in the incoming data packet.

US Pat. No. 10,218,741

IMMUNIZING NETWORK DEVICES USING A MALWARE MARKER

ACALVIO TECHNOLOGIES, INC...

1. A method for immunizing a network device from a malware program, comprising:
initiating a virtual machine in a testing environment, wherein the testing environment is a closed and monitored computing environment in which malware programs can be run and analyzed, wherein the testing environment prevents the malware programs from infecting other network devices, wherein the virtual machine is configured to emulate a computing device in a network, the configuration including a hardware configuration and a software configuration of the computing device, and wherein the virtual machine executes on a server computer in the testing environment;
generating a first snapshot of the virtual machine, wherein the first snapshot captures a state of the virtual machine at a first point in time, the state including a software state and a hardware state, and wherein the first snapshot includes contents of a memory of the server computer;
executing a malware program on the virtual machine;
generating a second snapshot of the virtual machine, wherein the second snapshot captures a state of the virtual machine at a second point in time, wherein the second point in time occurs after the malware program has executed;
determining a marker generated by the malware program, wherein the marker indicates to the malware program that the virtual machine has been infected by the malware program, wherein determining the marker includes comparing the first snapshot to the second snapshot to identify a difference in the software state or the hardware state of the virtual machine after the malware program executed, and wherein determining the marker includes identifying a placement of the marker on the virtual machine; and
distributing copies of the marker to one or more network devices on the network, wherein, when a copy of the marker is received at a network device from the one or more network devices, the network device places the marker on the network device in a location corresponding to the placement of the marker on the virtual machine, wherein, when the malware program migrates to the network device, the malware program incorrectly determines that the network device is already infected by the malware program, and wherein, using the incorrect determination, the malware program does not infect the network device.

US Pat. No. 10,218,739

FILTER FOR NETWORK INTRUSION AND VIRUS DETECTION

Intel Corporation, Santa...

1. A method to perform string matching for network packet inspection, the method comprising:
identify an irreducible Galois-field polynomial;
for each ith slice circuit of a set of H slice circuits, performing the steps of:
independently storing an ith input window of Wi bytes of data from an input data stream;
multiplying the Wi bytes of data by a Galois-field polynomial modulo the irreducible Galois-field polynomial multiplied by one of a set of H distinct polynomial multipliers, wherein the one of the set of H distinct polynomial multipliers is randomly selected to generate an ith hash index; and
accessing a storage location of a memory corresponding to the ith hash index to generate an ith slice-hit signal of a set of H slice-hit signals;
combining the set of H slice-hit signals, with an AND-OR logic array, to identify a match result; and
in response to a positive match, initiating a verification process to check against false positives.

US Pat. No. 10,218,738

SECURE NOTIFICATION OF NETWORKED DEVICES

Comcast Cable Communicati...

1. A method comprising:
receiving, by a computing device and via a first path, an indication of one or more instances of malware on a user device;
sending, after receiving the indication and for output by a first device associated with a user of the user device, an encrypted message that indicates a remedial action to address the malware and is decryptable based on a decryption code;
determining, by the computing device, a secured second path that omits the user device;
causing, via the secured second path, output of the decryption code at a video-content device that is distinct from the first device;
receiving, from the first device, a response that indicates a successful user input of the decryption code; and
allowing, based on the response, the user device to access the remedial action to address the malware.

US Pat. No. 10,218,737

TRUSTED MEDIATOR INTERACTIONS WITH MOBILE DEVICE SENSOR DATA

AMERICAN EXPRESS TRAVEL R...

1. A method comprising:
receiving, by a mediator, first sensor data from a first sensor on a mobile device;
transmitting, by the mediator, data associated with a second sensor on the mobile device,
wherein the data associated with the second sensor includes risk data associated with the first sensor,
wherein the second sensor is not the first sensor, and
wherein the data associated with the second sensor includes a data reporting instruction that is based at least in part on the risk data associated with the first sensor; and
receiving, by the mediator, second sensor data from the second sensor.

US Pat. No. 10,218,734

SYSTEMS AND METHODS FOR IMPROVING SECURITY OF SECURE SOCKET LAYER (SSL) COMMUNICATIONS

Citrix Systems, Inc., Fo...

1. A method for improving security of secure socket layer (SSL) communication, the method comprising:
determining, by a device intermediary to a plurality of clients and one or more servers, a configuration change associated with a virtual server executing on the device, the virtual server configured as a named entity of the device that at least one client of the plurality of clients uses to access applications hosted on a server of the one or more servers;
generating, by the device, responsive to determining the configuration change associated with the virtual server, a service fingerprint for the virtual server, the service fingerprint including a domain name service (DNS) alias for a virtual internet protocol (IP) address of the virtual server, a port number of the virtual server serving a secure socket layer (SSL) certificate of the virtual server, an IP address serviced by the device, and the SSL certificate;
transmitting, by the device, the generated service fingerprint to a web service to identify whether the device is under attack; and
receiving, by the device from the web service, a notification that the device is under attack, responsive to the web service comparing the generated service fingerprint with data received by the web service from an agent.

US Pat. No. 10,218,733

SYSTEM AND METHOD FOR DETECTING A MALICIOUS ACTIVITY IN A COMPUTING ENVIRONMENT

AWAKE SECURITY, INC., Mo...

1. A method for evaluating communication between a plurality of computing devices, comprising:
monitoring a plurality of communication between a user computer and at least one destination computer by a security appliance;
extracting selective information from the plurality of communications between the user computer and the at least one destination computer by the security appliance;
comparing extracted selective information between a pair of communication between the user computer and the at least one destination computer for a match by the security appliance; and
generating an activity record for the user computer and the at least one destination computer, based on the match between the pair of communication between the user computer and the at least one destination computer by the security appliance, the activity record indicative of a time based interaction between the user computer and the at least one destination computer.

US Pat. No. 10,218,732

VECTOR-BASED ANOMALY DETECTION

Nant Holdings IP, LLC, C...

1. A hybrid-fabric apparatus for detecting anomalous behavior of a network fabric comprising a plurality of network nodes, the hybrid-fabric apparatus comprising:
a black box memory configured to at least store a plurality of behavior metrics; and
an anomaly agent coupled with the black box and configured to at least:
determine a baseline vector corresponding to nominal behavior of the network fabric, the baseline vector comprising at least two different behavior metrics that are correlated with each other;
disaggregate anomaly detection criteria into a plurality of anomaly criterion to be distributed among the plurality of network nodes, the anomaly detection criteria characterizing a variation from the baseline vector, and each of the plurality of anomaly criterion comprising a function of a measured vector of behavior metrics, the variation calculated based on a variation function applied to a vector of measured behavior metrics having elements corresponding to member elements of the baseline vector;
aggregate anomaly criterion statuses calculated by at least some of the plurality of network nodes to detect anomalous behavior, each anomaly criterion status being calculated by a network node as a function of the network node's anomaly criterion and a measured vector of the at least two different behavior metrics; and
notify a manager of the anomalous behavior.

US Pat. No. 10,218,731

METHOD AND SYSTEM FOR DATA BREACH AND MALWARE DETECTION

EFFICIENT PROTECTION INC....

1. A system comprising at least one processor and at least one non-transitory computer readable media configured to detect zero-day cyber threat, data breach, infected or compromised devices on a computer network, the system being connected to at least one segment of the computer network, the system comprising:
at least one data collection module configured to capture all network packets entering and/or going out of the computer network via the at least one network interface;
at least one analysis module for receiving the network packets from the at least one data collection module, the analysis module comprising instructions for detecting traffic associated to zero-day malware, data breach, and/or malware related activities over the computer network by using information contained in a network flow header of the network packets and information contained in a body section of the network packets to identify a pattern;
at least one learning module configured to execute at least one machine learning algorithm, the at least one learning module being configured to:
identify network flows based on the captured network packets;
execute predetermined rules and training tasks for a predetermined period of time to learn at least one normal behavior of the computer network;
detect the network flows deviating from the learned normal behaviour of the computer network;
identify the suspicious network flows as abnormal;
at least one knowledge database configured to provide stored data to the at least one learning module and to the at least one analysis module, the at least one knowledge database storing:
training data and rules about the determined abnormal behaviours of the computer network; and
at least one signature element of a known malware;
at least one scoring module configured to correlate data from the at least one learning module and the at least one analysis module using contextual information and the at least one learning module and to identify false positives during the detection of deviating network flow; and
at least one alerting module for creating at least one alert upon either:
detection by the analysis module of a network packet matching one of the rules of the at least one knowledge database;
identification by the learning module of an abnormal network flow.

US Pat. No. 10,218,730

SYSTEMS AND METHODS OF STATELESS PROCESSING IN A FAULT-TOLERANT MICROSERVICE ENVIRONMENT

ShieldX Networks, Inc., ...

1. A method comprising:
transmitting, by a first microservice, packet data and a context, wherein the context is associated with the packet data;
receiving, by a second microservice, the packet data and the context, the second microservice to: send a request for a service state to one of a plurality of redundant message services, use the context and the requested service state to determine what security processing to perform, to perform the security processing over the packet data, and to transmit resulting data and the context to a third microservice; and
receiving, by the third microservice, the resulting data and the context, the third microservice to: use the context to determine what security processing to perform, and to perform the security processing over the resulting data;
wherein the second microservice to extract data from the packet data, and perform the security processing over the data extracted from the packet data, and wherein the third microservice to extract data from the resulting data, and to perform the security processing over the data extracted from the resulting data;
wherein the second microservice and the third microservice to extract higher-level data from the received data;
wherein the second microservice does not maintain a copy of the service state, such that, in case of its failure, a different microservice accesses and uses the service state; and
wherein the method is performed by a security service comprising a hierarchy of microservices, including, at the lowest level, an interface microservice to generate the context.

US Pat. No. 10,218,729

SPECIALIZING UNSUPERVISED ANOMALY DETECTION SYSTEMS USING GENETIC PROGRAMMING

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, at a device in a network, sets of traffic flow features from an unsupervised machine learning-based anomaly detector, wherein the sets of traffic flow features are associated with anomaly scores determined by the unsupervised machine learning-based anomaly detector;
ranking, by the device, the sets of traffic flow features based in part on their anomaly scores;
applying, by the device, a genetic programming approach to the ranked sets of traffic flow features to generate new sets of traffic flow features to specialize the unsupervised machine learning-based anomaly detector for a particular type of anomaly, wherein the genetic programming approach uses a fitness function that is based in part on rankings of the sets of traffic flow features associated with the particular type of anomaly and uses a log transformation of the rankings of the sets of traffic flow features;
specializing, by the device, the unsupervised machine learning-based anomaly detector to emphasize the particular type of anomaly at the unsupervised machine learning-based anomaly detector using the new sets of traffic flow features generated by the genetic programming approach; and
mitigating, by the device, an instance of the particular type of anomaly that is detected by the unsupervised machine learning-based anomaly detector, wherein the mitigating comprises at least one of rerouting a traffic flow associated with the instance, performing traffic shaping of the traffic flow associated with the instance, or dropping the traffic flow associated with the instance.

US Pat. No. 10,218,728

ANOMALY DETECTION FOR WEB DOCUMENT REVISION

eBay Inc., San Jose, CA ...

1. A system comprising:
one or more processors;
a non-transitory computer readable medium storing instructions that, when executed by the one or more processors, cause the system to perform operations comprising:
accessing a published web document comprising a plurality of distinct elements generated using data received from a computing device of a user;
assigning the published web document a first uniform resource identifier (URI), the first URI associates the plurality of distinct elements with a unique identifier;
accessing an updated web document, the updated web document being based on one or more modifications to the published web document made by the user using an interface presented on a computing device of the user, the updated web document including at least one user generated modification to a distinct element of the plurality of distinct elements of the published web document;
generating one or more anomaly scores based on a comparison of the updated web document to the published web document, the one or more anomaly scores providing a measure of deviation of the updated web document from the published web document; and
determining whether to allow publication of the updated web document based on a result of a comparison of the anomaly score to a threshold anomaly score, the determining includes determining whether to assign the first URI to the updated web document.

US Pat. No. 10,218,727

SANITY CHECK OF POTENTIAL LEARNED ANOMALIES

Cisco Technology, Inc., ...

1. A method, comprising:
receiving, at a device in a network and from a supervisory device, trace information for one or more traffic flows associated with a particular anomaly;
remapping, by the device, network addresses in the trace information to addresses of one or more nodes in the network based on roles of the one or more nodes;
mixing, by the device and using the remapped network addresses, the trace information for the one or more traffic flows associated with the particular anomaly with traffic information regarding one or more observed traffic flows in the network, to form a set of mixed traffic information;
analyzing, by the device, the mixed traffic information using an anomaly detection model; and
providing, by the device, an indication of a result of the analysis of the mixed traffic information to the supervisory device.

US Pat. No. 10,218,726

DYNAMIC DEVICE CLUSTERING USING DEVICE PROFILE INFORMATION

Cisco Technology, Inc., ...

1. A method comprising:
causing, by a networking device in a network, formation of device clusters of devices in the network, wherein the devices in a particular cluster exhibit similar behavioral characteristics learned by at least one learning agent in the network;
receiving, at the networking device, feedback from a device identity service regarding the device clusters, wherein the feedback is based in part on the device identity service probing the devices;
dynamically adjusting, by the networking device, the device clusters based on the feedback from the device identity service; and
performing, by the networking device, anomaly detection in the network using the adjusted device clusters by modeling behavior of devices in a specific adjusted device cluster.

US Pat. No. 10,218,725

DEVICE AND METHOD FOR DETECTING COMMAND AND CONTROL CHANNEL

Naru Security, Inc., Seo...

1. A device for detecting an attack on a first network by an attacker device connected to a second network, by identifying a command and control channel established between a communication device of the first network and the attacker device of the second network without a need for an attack signature, comprising:
a non-transitory recording medium for recording program code, said program code comprising:
code for monitoring a plurality of communication sessions between a first network and a second network, said first network and said second network are different networks;
code for collecting log information of some of said plurality of sessions, generated between at least one communication device of the first network and at least one communication device of the second network;
code for generating test data for respective sessions based on the log information, and calculating a test data statistical distribution based on test data of the sessions; and a determiner
code for analyzing said test data statistical distribution to extract a test data value;
code for identifying when said test data value is indicative of an abnormal distribution, using an abnormal distribution determination standard;
code for estimating when said some of said plurality of sessions characterize a command and control channel;
code for determining when said at least one communication device of the second network is an attacker device, based on said estimation, so as to prevent an attack on said first network;
wherein said attack is at least one of a denial of service (DoS), personal information hacking, financial agencies hacking and cyber terrors.

US Pat. No. 10,218,724

MONITORING SOCIAL MEDIA FOR BREACH OF ORGANIZATIONAL PRIVACY

Adobe Inc., San Jose, CA...

1. In a digital medium environment to control breaches of organization privacy by monitoring social media, a method implemented by at least one computing device, the method comprising:
constructing, by the at least one computing device, a first semantic graph of private organization information and a second semantic graph of public organizational information;
identifying, by the at least one computing device, a relationship between terms in the first semantic graph indicative of private textual information;
weighting, by the at least one computing device, the relationship in both the first and second semantic graphs based on the identifying of the relationship from the first semantic graph;
receiving, by the at least one computing device, social media content;
querying, by the at least one computing device, the social media content using the first semantic graph having the weighted relationship to generate a first score indicating an amount of the private organizational data disclosed by the social media content;
querying, by the at least one computing device, the social media content using the second semantic graph having the weighted relationship to generate a second score indicating an amount of the public organizational data disclosed by the social media content; and
generating, by the at least one computing device based on a ratio of the first and second scores, a privacy score that indicates a degree to which the social media content breaches privacy of the organization.

US Pat. No. 10,218,723

SYSTEM AND METHOD FOR FAST AND SCALABLE FUNCTIONAL FILE CORRELATION

Reversing Labs Holding Gm...

1. A computer-implemented method comprising:
obtaining, by a computing device, a file, wherein the file includes a plurality of portions;
generating a first hash of a first portion of the plurality of portions;
combining the first portion with a second portion of the plurality of portions;
generating a second hash of the first portion with the second portion of the plurality of portions, wherein an order of functional file features of the plurality of portions used to generate the first hash is identical to the order of functional file features of the plurality of portions used to generate the second hash, wherein the first hash is indicative of a first level of functional similarity between a function of the file and a function of a second file, wherein the second hash is indicative of a second level of functional similarity with the function of the file and the function of the second file, wherein each level of functional similarity includes a minimum set of functional file features that when hashed together produce a deterministic result that, when compared to one of the first hash and the second hash, the file and the second file share, and wherein each level of functional similarity respectively reduces a set of unique working binaries that map to one of the first hash at the first level of functional similarity and the second hash at the second level of functional similarity to share the deterministic result; and
grouping the file and the second file based upon, at least in part, the first level of functional similarity and the second level of functional similarity to enable granularity into functional file grouping.

US Pat. No. 10,218,722

METHOD AND SYSTEM FOR DEVELOPING AN ANOMALY DETECTOR FOR DETECTING AN ANOMALY PARAMETER ON NETWORK TERMINALS IN A DISTRIBUTED NETWORK

1. A computer implemented method for developing an anomaly detector for detecting and predicting anomaly parameter in one or more network terminals and optimizing the behavior of the said one or more network terminal in a distributed network, the computer implemented method comprising,
collecting behavioral data from the one or more network terminals;
monitoring the behavior of the one or more network terminals on the basis of collected behavioral data;
detecting anomaly parameter in the one or more network terminals by comparing the collected behavioral data with the behavior profile of the one or more network terminals,
wherein the behavior profile of the one or more network terminals is pre-stored in a distributed knowledge database;
optimizing and updating the behavior of the said one or more network terminals,
wherein the anomaly detector comprises an Artificial Intelligent Client Engine (AICE) which is configured to select an intelligent agent based at least in part on one or more requirements of the one or more network terminals, wherein the intelligent agent comprises an algorithm for optimizing and updating the behavior of the one or more network terminals in the distributed network; and
updating the anomaly detector with new behavioral data from the one or more network terminals by a retrain module of the anomaly detector,
wherein the intelligent agent is updated with new conditions based on the new behavioral data, and wherein the updating of the intelligent agent allows for further optimizing and updating of the behavior of the said one or more network terminals.

US Pat. No. 10,218,721

REAL-TIME REGULAR EXPRESSION SEARCH ENGINE

Redberry Systems, Inc., ...

1. An apparatus to protect against malware propagation within a data-transmission network, the apparatus comprising:
a ternary content addressable memory (TCAM) to store fixed-pattern character sequences that correspond to fixed-character segments of malware signatures and to detect matches between an input data stream and the fixed-pattern character sequences;
variable-character-expression match circuitry to store variable-character expressions that constitute variable-expression segments of the malware signatures and to detect matches between the input data stream and the variable-character expressions; and
state machine circuitry to:
receive match detection signals from the TCAM and the variable-character-expression match circuitry indicative of matches with respect to the fixed-pattern character sequences and variable-character expressions, respectively, the match detection signals including at least one match detection signal from the TCAM and at least one match detection signal from the VCE match circuitry;
track segment-by-segment detection of any one of the malware signatures in response to the match detection signals from the TCAM and the variable-character-expression match circuitry until the match detection signals indicate a match with respect to a final segment of the one of the malware signatures; and
output a malware notification in response to indication of the match with respect to the final segment.

US Pat. No. 10,218,720

DYNAMIC CONFIGURATION OF SETTINGS IN RESPONSE TO DDOS ATTACK

Level 3 Communications, L...

1. A method of modifying settings of a server in response to an attack, the method comprising:
monitoring client requests made to the server, the server having a first set of resources that are used to respond to client requests, each resource of the first set being capable of being increased and decreased, wherein an amount of a resource available for responding to the client requests is specified by a resource setting;
determining a first amount of a first resource of the first set that is currently being used to respond to the client requests;
comparing the first amount to a first threshold, the first threshold being less than a current value of a first resource setting corresponding to the first resource;
in response to the first amount being larger than the first threshold, increasing a value of the first resource setting, thereby increasing the amount of the first resource available to respond to client requests;
detecting an attack on the server; and
changing a second resource setting for a second resource of a second set of resources, the second resource setting having two possible values.

US Pat. No. 10,218,719

CREDENTIAL MODIFICATION NOTIFICATIONS

Apple Inc., Cupertino, C...

1. A system for providing an alert, the system comprising:
one or more data processors; and
a non-transitory computer readable storage medium containing instructions which, when executed by the one or more data processors, cause the one or more data processors to perform actions including:
receiving, from a requesting system, a first communication identifying a credential associated with a task, the first communication comprising a request to monitor a status of the credential;
updating a device-listening data store to associate the credential with an identifier associated with the requesting system;
monitoring for an event indicating that the credential has been modified or cancelled; and
transmitting, upon detecting the event indicating that the credential has been modified or cancelled, an alert to the requesting system, using the identifier associated with the requesting system.

US Pat. No. 10,218,718

RAPID, TARGETED NETWORK THREAT DETECTION

Cisco Technology, Inc., ...

1. A method comprising:
at a computing device having connectivity to a network, determining features of background network traffic;
extracting features from samples of a particular type of network threat;
determining a characteristic of the particular type of network threat that best differentiates the features of the particular type of network threat from the features of the background network traffic;
based on the characteristic, creating a targeted detector for the particular type of network threat that is deployable as a stand-alone detector; and
applying an action to particular incoming network traffic identified by the targeted detector as being associated with the particular type of network threat.

US Pat. No. 10,218,717

SYSTEM AND METHOD FOR DETECTING A MALICIOUS ACTIVITY IN A COMPUTING ENVIRONMENT

AWAKE SECURITY, INC., Mo...

1. A method for detecting a likely threat from a malicious attack, comprising:
monitoring a communication between a user computer and at least one destination computer by a security appliance;
extracting selective information from the communication by the security appliance;
associating selective information to one or more attributes of a security entity; and
generating a knowledge graph for a plurality of security entities based on the associated selective information, the knowledge graph indicative of a time based association between the security entity and one or more attributes of the security entity.

US Pat. No. 10,218,716

TECHNOLOGIES FOR ANALYZING UNIFORM RESOURCE LOCATORS

Intel Corporation, Santa...

1. A Uniform Resource Locator (URL) analysis system to analyze a URL, the URL analysis system comprising:
a hardware processor; and
a memory having instructions stored therein that, when executed by the hardware processor, cause the URL analysis system to establish a URL lexical ensemble analyzer, a third-party detection analyzer, a local URL metadata analyzer, and a URL additional analysis selector, wherein:
the URL lexical ensemble analyzer is to (i) analyze the URL based on an ensemble lexical analysis to determine a first malicious classification score for the URL, wherein the first malicious classification score is indicative of whether the URL is malicious and (ii) determining whether the first malicious classification score satisfies a confidence threshold;
the third-party detection analyzer is to (i) analyze the URL based on third-party malicious URL detection results associated with the URL and determined by a third-party source to determine a second malicious classification score for the URL in response to a determination that the first malicious classification score does not satisfy the confidence threshold, wherein the second malicious classification score is indicative of whether the URL is malicious and (ii) determine whether the second malicious classification score satisfies the confidence threshold;
the local URL metadata analyzer is to analyze metadata related to the URL to determine a third malicious classification score for the URL in response to a determination that the second malicious classification score does not satisfy the confidence threshold, wherein the third malicious classification score is indicative of whether the URL is malicious; and
the URL additional analysis selector is to determine whether to select the URL for additional analysis based on selection criteria not used in (i) the analysis of the URL using the ensemble lexical analysis, (ii) the analysis of the URL based on third-party URL metadata, and (iii) the analysis of the metadata related to the URL.

US Pat. No. 10,218,715

SECURED NETWORK BRIDGE

BAE SYSTEMS PLC, London ...

1. A network bridge device for applying communications security services to messages passing by means of the network bridge device between a first network and a second network, the network bridge device comprising:
a first network interface for linking to the first network and a second network interface for linking to the second network;
a first hardware logic module arranged to receive a message from the first network interface and configured to apply, to the message received from the first network interface, a first set of one or more predetermined message content security functions and to output or to block the message received from the first network interface according to the result of applying said first set of one or more functions;
a second hardware logic module configured to apply, to the message received from the first network interface, device authentication data according to a predetermined authentication scheme to enable the device to be identified as a trusted source of the message;
a third hardware logic module configured to apply, to a message received from the second network interface, the predetermined authentication scheme to identify a source of the message received from the second network interface as a trusted source; and
a fourth hardware logic module configured to apply, to the message received from the second network interface, a second set of one or more predetermined message content security functions and to output or to block the message received from the second network interface according to the result of applying said second set of one or more predetermined message content security functions,
wherein the first network interface is linked to the second network interface by a unidirectional data pathway incorporating the first hardware logic module and the second hardware logic module to ensure unidirectional flow of messages from the first network interface to the second network interface by means of the first and second hardware logic modules only and
wherein the second network interface is linked to the first network interface by a unidirectional data pathway incorporating the third hardware logic module and the fourth hardware logic module to ensure unidirectional flow of messages from the second network interface to the first network interface by means of the third and fourth hardware logic modules only.

US Pat. No. 10,218,714

METHOD FOR CHECKING THE INTEGRITY OF A DIGITAL DATA BLOCK

CENTRE NATIONAL DE LA REC...

1. A method for generating a digital file having a verifiable integrity, comprising:
searching for a location in an initial digital file for inserting freely-defined data having a data format independent from a file format of the initial digital file, while preserving the file format of the initial digital file,
generating a modified file by inserting at a found location a data section comprising a first excluded part and a first mark for locating the first excluded part in the modified digital file, and the first excluded part including 0 bit or more, up to all bits of the data section,
calculating a first digital fingerprint by applying a fingerprint calculation function to the modified digital file, the first digital fingerprint having a value depending on all bits of the modified file other than all bits of the first excluded part, and
generating a first digital file by inserting the first digital fingerprint into the first excluded part in the modified file.

US Pat. No. 10,218,713

GLOBAL ATTESTATION PROCEDURE

International Business Ma...

1. A computer-implemented method, comprising:
utilizing, by one or more processors on a computing device, executing one or more programs of an authentication application, location services executing on the computing device to obtain location data from the location services, wherein the location data indicates a physical location of the computing device contemporaneously with the executing;
based on obtaining the location data, creating and encoding, by the one or more processors, a data structure from the location data in a secured area of a memory of the computing device, wherein the data structure is only accessible to the authentication application;
transmitting, by the one or more processors, to an authentication server, an authentication request, wherein the authentication request comprises the encoded location data, and the authentication request is a request for access to secure content via the authentication server;
obtaining, by the one or more processors, from the authentication server, a request to query identifiers geographically proximate to the computing device for additional location information, wherein geographically proximate to the computing device comprises within a pre-defined perimeter around the physical location of the computing device;
responsive to the request, querying, by the one or more processors, the identifiers for the additional location information, wherein the additional location information comprises location data originating from each of the identifiers, indicating a location of each of the identifiers, and transmitting the additional location information to the authentication server;
obtaining, by the one or more processors, a notification, responsive to the authentication request, from the authentication server; and
based on obtaining the notification, erasing, by the one or more processors, the secured area and turning off the location services on the computing device.

US Pat. No. 10,218,711

PROVIDING GEOGRAPHIC PROTECTION TO A SYSTEM

Intel Corporation, Santa...

1. A computing device with technology for implementing and authenticating geo-specific launch control policies, the computing device comprising:
a hardware processor;
a location sensor in communication with the hardware processor, the location sensor configured to provide geographic information identifying a current location of the computing device;
at least one secure storage in communication with the hardware processor;
multiple geo-specific public keys in the secure storage, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location;
a geographic launch control policy (LCP) manifest in the secure storage;
at least one geo-specific LCP record in the geographic LCP manifest, the geo-specific LCP record comprising;
a launch policy for a software agent of the computing device, wherein the launch policy provides for different results, depending on whether the current location of the computing device is an approved location for the software agent; and
a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent; and
a geo-policy code module that, when executed on the hardware processor, (i) automatically determines whether to launch a desired software agent, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of at least one geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launches a recovery agent in response to failure of one or more of the geo-policy conditions; and
wherein the geo-policy code module is configured to use at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record.

US Pat. No. 10,218,710

SYSTEM CONFIGURATIONS FOR DATA STREAM ACCESSIBILITY

PayPal, Inc., San Jose, ...

1. A system, comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
generating, for a first user, a first data stream comprising first data corresponding to a first set of data types associated with the first user;
receiving, from the first user via a first user device, a request associated with a second set of data types different from the first set of data types;
searching a database to identify at least a second data stream associated with a second user based on the request received from the first user, wherein the second data stream comprises second data corresponding to the second set of data types, wherein the second data stream is different from the first data stream;
extracting the second data corresponding to the second set of data types from the second data stream;
transmitting a data access request to the second user via a second user device, wherein the data access request indicates the second set of data types;
determining, based on a response received from the second user via the second user device, an access level for accessing the second data extracted from the second data stream by the first user;
updating the first data stream by inserting the second data at a first position within the first data stream different from a second position corresponding to the extracted data within the second data stream based on the determined access level; and
transmitting the updated first data stream to the first user device for display.

US Pat. No. 10,218,709

SHARE PERMISSIONS AND ORGANIZATION OF CONTENT IN AN APPLICATION WITH MULTIPLE LEVELS OF ORGANIZATIONAL HIERARCHY

Microsoft Technology Lice...

9. A method for providing share permissions and organization of content with multiple levels of organizational hierarchy, the method comprising:
at a content processing module executed on a computing device:
receiving, from a first user, a content to be stored in one of a plurality of hierarchically organized containers, the containers comprising a notebook, wherein the content is one or more of created, edited, or organized by the first user; and
at a sharing module executed on the computing device:
receiving, from the first user, a request to share the content within the notebook;
in response to receipt of the request, sharing the content with another user by granting a permission for one or more of editing or organizing the content, wherein the permission associated with the content is distinct from a second permission granted to the other user for a higher level container that includes the container with the content;
providing, to the first user, a first sharing status in a form of a first share vector representing a sharing status of each of the plurality of hierarchically organized containers over time;
providing, to the other user, a second sharing status in a form of a second share vector representing a sharing status of the container with the content over time;
after granting the permission for the one or more of the editing or the organizing of the content to the other user, receiving, from the first user, a request to share the higher level container that includes the container with the content within the notebook;
in response to receipt of the request to share the higher level container, granting the other user the second permission;
providing, to the first user, an updated first sharing status in a form of a third share vector representing the sharing status of each of the plurality of hierarchically organized containers over time from the first share vector, including the higher level container with the content; and
providing, to the other user, an updated second sharing status in a form of a fourth share vector representing the sharing status over time from the second share vector of both the container with the content and the higher level container with the content.

US Pat. No. 10,218,708

SYSTEMS FOR PROVIDING ELECTRONIC ITEMS HAVING CUSTOMIZABLE LOCKING MECHANISM

CAPITAL ONE SERVICES, LLC...

1. A method for providing a locked electronic item, comprising:
receiving, from a first computing device associated with a sender via a software application, a selection of an electronic lock and the electronic item, wherein the electronic lock comprises a lock clue and a lock solution;
determining, based on the lock solution, an answer input field configuration, wherein the answer input field configuration comprises a number of input boxes and spaces that are arranged to correspond to the lock solution;
transmitting, to a second computing device associated with a recipient, the lock clue and the input field configuration;
causing the second computing device to display the lock clue and the input field configuration;
receiving, from the second computing device, an attempted lock solution comprising a set of alphanumeric characters equal to the number of input boxes, wherein the set of alphanumeric characters are configured in a spatial arrangement that corresponds to the input field configuration;
determining whether the attempted lock solution matches the lock solution;
responsive to determining that the attempted lock solution does not match the lock solution:
transmitting, to the first computing device, an unlock attempt notification comprising a failed unlock attempt indication;
receiving, from the first computing device, a remote unlock instruction;
unlocking and transmitting, responsive to the remote unlock instruction, the electronic item to the second computing device;
causing the second computing device to display the electronic item; and
responsive to determining that the attempted lock solution matches the lock solution,
transmitting the electronic item to the second computing device for display or use by the second computing device.

US Pat. No. 10,218,707

CONTROLLING ACCESS TO COMPUTER ACCOUNTS MANAGED BY A COMPUTER ACCOUNT SERVER TO PROVIDE HANDOFF TO A NOMINEE COMPUTER TERMINAL

CA, Inc., New York, NY (...

1. A method comprising:
performing operations as follows on a processor of a computer account server:
receiving a nominee identity from an account owner associated with owner access credentials;
storing the nominee identity in a data structure of a computer account that is selected based on the owner access credentials from among a plurality of computer accounts managed by the computer account server;
restricting electronic access to information stored in the data structure of the computer account, to access requests from computer terminals that provide the owner access credentials;
responsive to determining that an account handoff event has become satisfied for the computer account, sending a nominee handoff message using the nominee identity retrieved from the data structure of the computer account;
receiving a nominee access request message, responsive to the nominee handoff message, from a nominee computer terminal contacted through the nominee handoff message;
responsive to validating content of the nominee access request message, modifying the restricting of electronic access to grant the nominee computer terminal electronic access to the information stored in the data structure of the computer account;
receiving a set of nominee identities which includes the nominee identity;
obtaining security key fragments; and
distributing different ones of the security key fragments to different computer terminals identified by associated ones of the nominee identities in the set, one of the computer terminals including the nominee computer terminal,
wherein responsive to determining that the account handoff event has become satisfied for the computer account, nominee handoff messages are sent to the computer terminals;
wherein receiving the nominee access request message, comprises receiving the security key fragments from the computer terminals identified by the nominee identities in the set responsive to the nominee handoff messages, and receiving the nominee access request message from the nominee computer terminal;
wherein the validation of content of the nominee access request message from the nominee computer terminal, comprises generating a reconstructed security key based on the key fragments received from the computer terminals and validating the reconstructed security key.

US Pat. No. 10,218,706

SYSTEM AND METHOD OF SUPERVISORY CONTROL

Sony Interactive Entertai...

1. A method of supervisory control, comprising the steps of:
setting, at a remote device, a first usage control parameter for a first account associated with access to content on a class of entertainment devices;
monitoring, at an entertainment device of belonging to the class of entertainment devices, which one or more account or accounts that are active on the entertainment device;
detecting in a first instance, by one or more processors, one or both of a number of input peripherals that are coupled to the entertainment device and a type of the input peripherals coupled to the entertainment device;
detecting in a second instance, by one or more processors, a type of the input peripherals that are coupled to the entertainment device;
obtaining, at the entertainment device, the first usage control parameter set for the first account; and
restricting, by one or more processors, usage of content on the entertainment device responsive to the first usage control parameter;
wherein, in the first instance, the first usage control parameter for the first account restricts usage of content based on one or both of the detected number of the input peripherals or the detected type of the input peripherals coupled to the entertainment device, and
wherein, in the second instance, the first usage control parameter for the first account restricts usage of content based on the detected type of the input peripherals that are coupled to the entertainment device.

US Pat. No. 10,218,705

MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

ORACLE INTERNATIONAL CORP...

1. A system for providing cloud-based identity and access management, comprising:
a first data partition of a data source storing data for a first tenancy and a second data partition of the data source storing data for a second tenancy, wherein the first data partition is isolated from the second data partition;
one or more processors coupled to a storage device comprising instructions that, when executed by the one or more processors, are configured to:
receive a request from a client for an identity management service;
authenticate the request;
access a microservice based on the request;
determine, at the microservice based on the request, that a user related to the request comprises the first tenancy and a resource related to the request comprises the second tenancy, wherein the first tenancy and the second tenancy are determined from among a plurality of tenancies;
retrieve, by the microservice, data from at least one the first data partition based on the first tenancy or the second data partition based on the second tenancy, wherein a runtime binding with the first data partition is established when data is retrieved in a context of the first tenancy and a runtime binding with the second data partition is established when data is retrieved in a context of the second tenancy; and
perform the identity management service using the retrieved data at the microservice.

US Pat. No. 10,218,704

RESOURCE ACCESS CONTROL USING NAMED CAPABILITIES

CISCO TECHNOLOGY, INC., ...

1. A method performed at a server managing a resource for providing access to a resource in a distributed network, the method comprising:
receiving from a client for request for access to a resource, the request for access comprising a name of the resource, a requested operation of the resource, and a distinct named capability, the named capability including the name of the resource, the requested operation, a signature and a server managing the resource;
first determining, whether the client is authorized to access the resource identified by the named capability;
second determining that the name of the resource in the named capability matches the name of the resource in the request for access;
third determining that the requested operation of the request for access is listed in the named capability;
fourth determining that the signature is correct and represents a trusted signer;
granting access to the resource named by the named capability in response to at least positive results of the first, second, third and fourth determining; and
preventing the server managing the resource from receiving the request for access to the resource in response to a negative result of any of the first, second, third and fourth determining wherein the first, second, third and fourth determining are performed by a chaperone service function residing within a communication path between the client and the server managing the resource.

US Pat. No. 10,218,703

DETERMINING A PERMISSION OF A FIRST TENANT WITH RESPECT TO A SECOND TENANT

Hewlett-Packard Developme...

1. A method comprising:
storing, by a system including a processor, a first representation of privileges among a plurality of tenants of the system, the plurality of tenants having relationships according to a hierarchy that includes a plurality of hierarchical levels of the tenants, wherein at least one of the privileges specifies an access permission of a first of the tenants at a first of the hierarchical levels to a resource of a second of the tenants at one of the hierarchical levels, and wherein the first representation is independent of a representation of the relationships among the plurality of tenants;
in response to a request from the first tenant for the resource of the second tenant, determining, by the system based on the first representation, whether the first tenant is permitted to access the resource of the second tenant; and
dynamically modifying the first representation to change the privileges among the plurality of tenants, without changing the representation of the relationships among the plurality of tenants.

US Pat. No. 10,218,702

VEHICLE ACCESS SYSTEMS AND METHODS

SILVERCAR, INC., Austin,...

1. A system comprising:
a mobile computing device comprising a processor, memory, a transceiver configured for local point-to-point communication, and an application stored in the memory and comprising instructions configured to be executed by the processor to:
receive from a server of a reservation management (RM) system reservation information associated with a reservation for a user with which the mobile computing device is associated;
receive signals from a local transceiver of each of one or more of a plurality of vehicles that are within a communications range of the local transceiver of the mobile computing device, the received signals including an indication of the state record of the corresponding vehicle;
validate the reservation information; and
if the reservation information is validated,
display to the user an indication of each of one or more vehicles that are available;
receive from a user a selection of one of the available vehicle(s); and
transmit the user's selection of one of the available vehicle(s) to the server.

US Pat. No. 10,218,701

SYSTEM AND METHOD FOR SECURING ACCOUNT ACCESS BY VERIFYING ACCOUNT WITH EMAIL PROVIDER

Avaya Inc., Santa Clara,...

1. A communication system, comprising:
a server, comprising:
a microprocessor; and
a computer readable medium coupled to the microprocessor and comprising instructions stored thereon that cause the microprocessor to:
determine, based on login credentials presented to the server, an email address of a user associated with the login credentials;
establish an electronic mail transfer protocol connection across a communication network between the server and an email server of an email provider of the email address of the user;
send, across the communication network via the electronic mail transfer protocol connection, an electronic mail transfer protocol command to the email server, wherein the electronic mail transfer protocol command to generates a validation response message by the email server, and wherein the validation response message identifies whether the email address of the user is present and active at the email server of the email provider;
automatically generate an access token associated with the user when the validation response message received by the server identifies that the email address of the user is present and active at the email server of the email provider, wherein the access token enables access to a protected resource by a communication device of the user during a lifetime of the access token, and wherein the protected resource is unavailable to the communication device of the user without the access token; and
prevent access to the protected resource by the communication device of the user when the validation response message identifies that the email address of the user is neither present nor active at the email server of the email provider.

US Pat. No. 10,218,700

AUTHORIZATIONS FOR COMPUTING DEVICES TO ACCESS A PROTECTED RESOURCE

CA, Inc., Austin, TX (US...

1. A method comprising:
creating, by a first computing device, a mutual trust relationship with at least an agent on a second computing device, and an agent on a third computing device, the creating further comprising registering the trust relationship with the second computing device and the third computing device using tokens stored on the second computing device and the third computing device, respectively, the second computing device associated with a first user and the third computing device associated with a second user;
after the mutual trust relationship is created, receiving, by the first computing device, an access permission request responsive to input from the first user from the second computing device to access a protected resource usable on the second computing device and that is accessible by the third computing device, the protected resource provided by a fourth computing device;
preparing, by the first computing device, an authorization request to the third computing device to allow the second computing device to permission access the protected resource;
outputting, by the first computing device, the authorization request to the third computing device;
receiving, by the first computing device, an indication from the third computing device in response to an input to the third computing device from the second user that the second computing device has permission to access the protected resource; and
outputting, by the first computing device, authorization information to the second computing device so that the second computing device uses the authorization information to access the protected resource on the fourth computing device.

US Pat. No. 10,218,698

USING A MOBILE DEVICE NUMBER (MDN) SERVICE IN MULTIFACTOR AUTHENTICATION

Verizon Patent and Licens...

1. A method comprising:
identifying, by a processor of a verification data generation system, an encryption key associated with a verification device, wherein the verification device is different from the verification data generation system;
determining, by the processor, attributes of a session between a source device and the verification device, wherein the source device is different from the verification data generation system, wherein first verification data is sent from the source device to the verification device via the session, wherein the first verification data identifies an account, wherein the account is associated with a user device, wherein the verification device generates user device data associated with a first identifier of the user device, and wherein the verification device sends the source device a request for additional verification data;
receiving, by the processor and from the source device, the request for additional verification data;
determining, by the processor and in response to receiving the request for additional verification data, a second identifier associated with the source device based on information in the request for additional verification data and information regarding sessions established between the source device and the verification device stored in a storage associated with the verification data generation system;
generating, by the processor, second verification data based on the second identifier associated with the source device;
encrypting, by the processor and based on the encryption key associated with the verification device, the second verification data; and
forwarding, by the processor, the encrypted second verification data toward the verification device, wherein the verification device decrypts the encrypted second verification data to recover the second verification data, wherein the verification device compares the second verification data to the user device data associated with the first identifier of the user device, and wherein the verification device determines that the source device corresponds to the user device when the user device data corresponds to the second verification data.

US Pat. No. 10,218,697

USE OF DEVICE RISK EVALUATION TO MANAGE ACCESS TO SERVICES

LOOKOUT, INC., San Franc...

1. A method, comprising:
receiving data in a communication from a computing device of an identity provider;
subsequent to receiving the data, receiving, by a second computing device, a request from a first computing device, the request for access by the first computing device to a service, wherein the access requires authorization by the computing device of the identity provider, and access to the service requires that a software component is installed on the first computing device;
in response to the request, performing, by the second computing device, an evaluation of a configuration of the first computing device, wherein the evaluation comprises determining a risk level, and wherein the evaluation is based at least in part on the received data from the identity provider;
performing, by the second computing device, an action based on the evaluation, wherein the action comprises sending a first communication to the computing device of the identity provider, the first communication indicating the risk level, wherein the identity provider is of record with the second computing device to use for authorizing requests for access to the service, and wherein the identity provider is configured to authorize access to the service in response to receiving the first communication;
determining whether the software component is installed on the first computing device; and
in response to determining that the software component is not installed on the first computing device:
creating a fingerprint of the first computing device, the fingerprint including data extracted from at least one communication from the first computing device; and
determining whether the fingerprint matches a fingerprint of another computing device that has previously communicated with the second computing device.

US Pat. No. 10,218,696

TARGETED SECURE SOFTWARE DEPLOYMENT

Microsoft Technology Lice...

1. A system comprising:
one or more processors; and
memory storing modules that, when executed by the one or more processors, cause the system to perform operations comprising:
determining that a remote device is to receive a software update;
identifying a public storage root key (SRK) associated with the remote device;
determining a first set of platform configuration registers (PCRs) associated with a trusted operation of firmware operating on the remote device;
determining a second set of PCRs associated with an expected operation of at least a portion of the software update on the remote device;
determining a random symmetric key (RSK);
encrypting, as an encrypted software package, the software update using the RSK;
encrypting, as encrypted configuration settings, the first set of PCRs and the second set of PCRs using the RSK;
encrypting, as an encrypted RSK, the RSK with the public SRK of the remote device; and
transferring the encrypted software package, the encrypted configuration settings, and the encrypted RSK to the remote device, wherein at least a portion of the encrypted software package is imported by the remote device based at least in part on a private SRK of the remote device and after a determination that the first set of PCRs of the encrypted configurations settings correspond to firmware PCRs of the remote device and the second set of PCRs of the encrypted configurations settings correspond to boot manager PCRs of the remote device.

US Pat. No. 10,218,695

SYSTEMS AND METHODS FOR PROVIDING CREDENTIALLESS LOGIN USING A RANDOM ONE-TIME PASSCODE

CAPITAL ONE SERVICES, LLC...

1. A system for providing a credentialless login, comprising:
one or more processors of an authentication device; and
a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to:
receive, from a software application running on a first user-device, a request for credentialless login;
responsive to receiving an authentication of a user accessing the software application running on the first user-device, generate an access code for a credentialless login for an account of the user;
transmit, to the software application running on the first user-device, data representing the generated access code;
receive, from a second user-device, data representing a credentialless login attempt, the data representing the credentialless login attempt comprising an attempted access code; and
authorize, based on a determination that the attempted access code matches the generated access code, the second user device to access the account of the user.

US Pat. No. 10,218,694

SECURELY ORCHESTRATING EVENTS INITIATED AT REMOTE SERVERS USING A CERTIFICATE SERVER

Bank of America Corporati...

1. A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
receive, via the communication interface, from a first server computer system, a first event request comprising first entity information and first event details information;
identify a first entity associated with the first event request based on the first entity information;
based on identifying the first entity associated with the first event request based on the first entity information, generate a first entity verification request;
send, via the communication interface, to a certificate server, the first entity verification request;
receive, via the communication interface, from the certificate server, first certificate information associated with the first entity;
validate the first certificate information associated with the first entity received from the certificate server;
based on validating the first certificate information associated with the first entity received from the certificate server, generate, based on the first entity information and the first event details information, one or more event orchestration commands directing a second server computer system to execute one or more actions associated with the first event request; and
send, via the communication interface, to the second server computer system, the one or more event orchestration commands directing the second server computer system to execute the one or more actions associated with the first event request.

US Pat. No. 10,218,693

MANAGEMENT OF DIGITAL CERTIFICATES

International Business Ma...

1. A computer-implemented method for displaying an interactive graphical map of certificate relationships for one or more cells, each cell including one or more compute nodes, each node including one or more servers, comprising:
retrieving certificate information for a plurality of servers within the one or more cells, and storing the retrieved certificate information in a memory;
receiving an organization specification describing an organization structure for the plurality of servers;
receiving a user input command to generate the interactive graphical map of certificate relationships, the interactive graphical map including visual elements, wherein the visual elements include interactive icons, and the command including a command scope that identifies a certificate expiration date criteria;
identifying at least two servers having certificates satisfying the certificate expiration date criteria;
generating the interactive graphical map from the retrieved certificate information;
rendering the interactive graphical map on a display device, the interactive graphical map simultaneously indicating:
the at least two servers having certificates satisfying the certificate expiration date criteria, wherein interactive icons that represent each of the at least two servers are highlighted and arranged on the interactive graphical map according to the organization specification; and
one or more devices, each device having a certificate relationship with a server from the at least two servers, wherein interactive icons that represent the one or more devices are highlighted in response to a user selection of a highlighted interactive icon that represents the server; and
receiving, on the interactive graphical map, an input command for certificate replacement for the at least two servers; and
causing, in response to input command, a replacement certificate to be generated and issued to said at least two servers to satisfy the certification expiration date criteria.

US Pat. No. 10,218,692

MANAGEMENT OF DIGITAL CERTIFICATES

International Business Ma...

1. A computer system for displaying an interactive graphical map of certificate relationships for one or more cells, each cell including one or more compute nodes, each node including one or more servers, comprising:
a processor; and
a memory communicatively coupled with the processor, wherein the memory includes a certificate visibility agent to perform operations comprising:
retrieving certificate information for a plurality of servers within the one or more cells and storing the retrieved certificate information in the memory;
receiving an organization specification describing an organization structure for the plurality of servers;
receiving a command to generate the interactive graphical map of certificate relationships, the interactive graphical map including visual elements, wherein the visual elements include interactive icons, and the command including a command scope that identifies a certificate expiration date criteria;
identifying at least two servers having certificates satisfying the certificate expiration date criteria;
generating the interactive graphical map from the retrieved certificate information and rendering the interactive graphical map on a display device, the interactive graphical map simultaneously indicating:
the at least two servers having certificates satisfying the certificate expiration date criteria, wherein interactive icons that represent each of the at least two servers are highlighted, and arranged on the interactive graphical map according to the organization specification; and
one or more devices, each device having a certificate relationship with a first server from the at least two servers, wherein interactive icons that represent the one or more devices are highlighted in response to a user selection of a highlighted interactive icon that represents the first server; and
receiving, on the interactive graphical map, an input command for certificate replacement for the at least two servers; and
causing, in response to input command, a replacement certificate to be generated and issued to said at least two servers to satisfy the certification expiration date criteria.

US Pat. No. 10,218,691

SINGLE SIGN-ON FRAMEWORK FOR BROWSER-BASED APPLICATIONS AND NATIVE APPLICATIONS

AirWatch LLC, Atlanta, G...

1. A system for providing a single sign-on capability to at least one application installed on a client device, comprising:
the client device; and
an identity provider application executable by the client device, the identity provider application causing the client device to at least:
register the identity provider application as a local identity provider on the client device using an application programming interface (API) associated with an operating system of the client device, wherein the identity provider application specifies a particular identity provider server address for an identity provider service for which the identity provider application is the local identity provider;
obtain a user credential associated with a user account;
authenticate the user credential for the user account with the identity provider service;
obtain a request to validate an installation of an application installed on the client device based upon the user account;
validate the installation of the application based upon at least one parameter embedded within the request, the installation of the application being validated by extracting a package family name from the request to authenticate the installation of the application, generating a session identifier associated with the request to authenticate the installation of the application and providing the session identifier and an encryption key to the installation of the application;
request an authentication key from the identity provider service; and
provide the authentication key to the application, wherein the application authenticates the user account with the identity provider service using the authentication key.

US Pat. No. 10,218,690

ABSTRACTING AN AUTHENTICATION SEQUENCE USING HTTP

International Business Ma...

1. A computer-implemented method of abstracting an authentication sequence between a client, a server and zero or more authentication servers, the computer-implemented method comprising:
provisioning an enterprise server with an authentication response language, wherein the authentication response language allows the enterprise server to issue instructions for authentication steps to an enterprise client, wherein the authentication response language enables the enterprise client to execute a set of instructions for navigating an authentication sequence;
navigating, by one or more hardware processors, the authentication sequence depending on a protocol inherently used by the authentication topology;
receiving, by the enterprise client, a set of authentication instructions from the enterprise server formulated in the authentication response language, wherein the enterprise client is accessing a protected resource, and wherein the enterprise client is not already authenticated;
interpreting, by the enterprise client, the provided authentication instructions;
following, by the enterprise client, a sequence by sending requests and receiving responses from one or more servers in the authentication topology until the sequence is complete;
determining, by the one or more hardware processors, an authentication resolution of the enterprise client based on a success or fail caused by user interactions at the enterprise client; and
providing, by the one or more hardware processors, access to the protected resource in response to the authentication resolution of the enterprise client succeeding.

US Pat. No. 10,218,689

EXTENDING SHROUDING CAPABILITY OF HOSTING SYSTEM

INTERNATIONAL BUSINESS MA...

1. A computer implemented method for extending shrouding capability of a virtual server hosting system, the method comprising:
receiving, by a host manager, a request to deploy a shrouded virtual server using a predetermined set of hardware components and using a shrouded mode, the shrouded mode preventing an administrator of a hosting system from accessing data or applications of the virtual server, the request being sent by a client device;
adding, by the host manager, a guest server to the hosting system, the guest server comprising the predetermined set of hardware components;
deploying, by the host manager, a preconfigured hypervisor on the guest server, wherein the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor;
deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor; and
sending, by the host manager, an identifier of the virtual server for receipt by the client device.

US Pat. No. 10,218,688

CREATING AWARENESS OF ACCESSED TO PRIVACY-SENSITIVE DEVICES

MICROSOFT TECHNOLOGY LICE...

1. A method comprising:
under control of one or more processors of a computing device:
detecting when an application displaying content within a window on a display of the computing device begins receiving a data stream captured by a camera, a microphone, a location sensor or an accelerometer of the computing device;
determining if a request submitted by the application to access the data stream captured by the camera, the microphone, the location sensor or the accelerometer of the computing device has been granted by determining whether a module of the computing device is in one of a default-on mode and a default-off mode, wherein the application is determined to have granted the request in response to determining that the module is in the default-on mode, and wherein the application is determined to have granted the request in response to determining that the module is in the default-off mode and when authorization is received to allow the application to access the data stream; and
in response to detecting that the application has begun receiving the data stream and in response to the determining that the application request has been granted, causing display of a graphical icon on or adjacent to the window of the application on the display, the displayed graphical icon dynamically altering in appearance based on data of the data stream to visually represent the data stream being received by the application, and the displayed graphical icon includes dynamic animations that visually dynamically alter in unison with the data of the data stream.

US Pat. No. 10,218,687

DIFFERENTIAL CLIENT-SIDE ENCRYPTION OF INFORMATION ORIGINATING FROM A CLIENT

PayPal, Inc., San Jose, ...

1. A method comprising:
receiving, from an entity server over a network by a computer system comprising one or more hardware processors, a processing request comprising an encrypted data package encrypted by a client device, wherein the encrypted data package comprises an encrypted symmetric key encrypted using a first public key allocated to the entity server and encrypted data encrypted using a symmetric key corresponding to the encrypted symmetric key;
determining, by the computer system, a first private key corresponding to the first public key allocated to the entity server by accessing a plurality of private keys stored in a memory;
decrypting, by the computer system, the encrypted symmetric key using the private key to obtain the symmetric key;
decrypting, by the computer system, the encrypted data using the symmetric key to obtain first data; and
providing, by the computer system, a processing result based on at least a portion of the first data.

US Pat. No. 10,218,686

DYNAMICALLY MANAGING, FROM A CENTRALIZED SERVICE, VALID CIPHER SUITES ALLOWED FOR SECURED SESSIONS

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
establishing, at a centralized service available in a hosted network, a permission list of at least one cipher suite valid for secure connections;
responsive to receiving, at the centralized service, a request from a socket indicating the socket is negotiating a secure connection with another socket, sending the permission list to the socket, wherein the socket negotiates with the another socket for a mutual cipher suite from among the at least one cipher suite specified in the permission list;
receiving, at the centralized service, from the socket, a session identifier specifying the socket and the mutual cipher suite for a new session established between the socket and the another socket;
adding, by the centralized service, the session identifier specifying the socket and the mutual cipher suite to a current session log;
in response to identifying a particular cipher suite is vulnerable, searching, by the centralized service, the current session log to determine if the particular cipher suite matches one or more previously stored mutual cipher suites;
in response to the particular cipher suite matching one or more previously stored mutual cipher suites, generating, by the centralized service, an alert to send to each socket specified in each entry for the matching one or more previously stored cipher suites; and
responsive to identifying that the particular cipher suite matching the mutual cipher suite used in an ongoing secure session for the socket is revoked, notifying, by the centralized service, the socket that the mutual cipher suite is revoked.

US Pat. No. 10,218,685

KEYCHAIN SYNCING

APPLE INC., Cupertino, C...

1. A non-transitory machine-readable medium storing a program which when executed by at least one processing unit of a first peer device synchronizes a set of keychain items stored in a keychain on the first peer device with sets of keychain items stored in keychains on a plurality of other peer devices, each keychain item comprising a keychain item identifier and a plurality of attributes, the first peer device and the plurality of other peer devices communicatively coupled to one another through a network, the first peer device locally storing, for each other peer device in the plurality of other peer devices, an encryption key corresponding to the other peer device and a list of all keychain identifiers on the other peer device, and the program comprising sets of instructions for:
receiving a modification to at least one of the plurality of attributes of each keychain item of a subset of the set of keychain items of the keychain stored on the first peer device;
for each other peer device in the plurality of other peer devices, determining whether a list of all keychain item identifiers for the first peer device matches the list of all keychain item identifiers on the other peer device;
generating a respective update request for each respective other peer device in the plurality of other peer devices for which the list of all keychain item identifiers does not match the list of all keychain item identifiers for the first peer device, in order to synchronize the keychain stored on the first peer device with the keychains of the plurality of other peer devices, wherein the respective update request for each respective other peer device comprises (i) a list of keychain item identifiers indicating each of the keychain items in the keychain of the respective other peer device to be modified and (ii) the modification to be made to the at least one of the plurality of attributes of each of the keychain items to be modified, wherein the respective update request for a first respective other peer device comprises a different set of modifications than the respective update request for a second respective other peer device;
encrypting, for each respective other peer device for which the respective update request was generated and using the encryption key corresponding to the respective other peer device, the keychain items corresponding to the list of keychain item identifiers indicating each of the keychain items in the keychain of the respective other peer device to be modified; and
transmitting, to each particular peer device through the network, the update request for the particular peer device and the encrypted keychain items of the particular peer device to be modified over a secure communication channel between the first peer device and the particular peer device.

US Pat. No. 10,218,684

SECURE DATA TRANSMISSION

NCR Corporation, Atlanta...

1. A method, comprising:
receiving, on a device, a device identifier for a portable device responsive to a request from the portable device for a file located on the device, wherein receiving further includes receiving the device identifier from a server;
obtaining, by the device, a public key associated with the portable device from a list of public keys maintained on the device based on the device identifier;
encrypting, by the device, the file using the public key, encoding the file, and producing encrypted and encoded data for the file;
dividing, by the device, the encrypted and encoded data into portions; and
broadcasting, by the device, the portions from the device as a graphical animation rendered on a screen of a display of the device, wherein the graphical animation is detectable to a camera of the portable device for receiving all portions of the encrypted and encoded data from the device, wherein broadcasting further includes broadcasting the portions out of order.

US Pat. No. 10,218,683

RELATING PRIVATE DATA OF DIFFERENT ENTITIES

Microsoft Technology Lice...

1. A method comprising:
determining, at a server, a representation of an intersection of a member list of first entity and a member list of a second entity, without accessing the member list of the first entity or the member list of the second entity;
causing, at the server, computation, using information associated with the intersection of the member list of the first entity and the member list of the second entity, of coefficients of a numeric relationship between features of members stored by the first entity and numeric data of members stored by the second entity, without accessing the features or the numeric data at the server;
adding noise to the coefficients to prevent use of the coefficients to exactly compute the numeric data from the features of a specific member; and
providing a digital transmission representing the coefficients of the numeric relationship.

US Pat. No. 10,218,682

SECURE NETWORK PROTOCOL CRYPTOGRAPHIC PROCESSING

Amazon Technologies, Inc....

1. A computer-implemented method comprising:
obtaining a request to establish a cryptographically protected communication session from a client computer system;
providing a digital certificate to the client computer system, the digital certificate associated with a service provided by a server computer system;
obtaining an encrypted premaster secret from the client computer system, the encrypted premaster secret encrypted using a public cryptographic key included with the digital certificate;
providing, to a cryptographic service that has access to a private cryptographic key associated with the digital certificate, the encrypted premaster secret;
establishing the cryptographically protected communication session with the client computer system, the cryptographically protected communication session operating in accordance with parameters that are based at least in part on the encrypted premaster secret;
obtaining a data token from the server computer system, the data token associated with data to be transmitted to the client computer system;
obtaining encrypted server data from the cryptographic service using the data token, the encrypted server data corresponding to the data to be transmitted to the client computer system, and the encrypted server data encrypted using a cryptoprocessor with a key that is based on the encrypted premaster secret; and
providing the encrypted server data to the client computer system.

US Pat. No. 10,218,681

HOME NETWORK CONTROLLING APPARATUS AND METHOD TO OBTAIN ENCRYPTED CONTROL INFORMATION

SAMSUNG ELECTRONICS CO., ...

1. A method of controlling, by a control device, at least one device by using control information, the method comprising:
receiving, from a server, information used to configure a user interface or process an event related to controlling the at least one device by the control device, which has not been encrypted;
receiving, from the server, control information used to control at least one device, which has been encrypted using an encryption process;
transmitting a control command for controlling the at least one device according to the control information.

US Pat. No. 10,218,680

MECHANISM FOR EFFICIENT PRIVATE BULK MESSAGING

Axway Inc., Phoenix, AZ ...

1. A document management system comprising:
a server coupled into a transmission path between a sender and target recipients to receive from the sender and to provide to at least some of the target recipients a message, wherein the provided message is encrypted at least for storage at the server using a sender key and is decryptable using a corresponding message decryption key that is, in turn, separately encrypted for each of the target recipients using respective encryption keys associated with the target recipients themselves, thereby resulting in a plurality of recipient-associated encrypted decryption keys;
the sender providing a digital signature and a list of recipient-associated encrypted decryption keys to the server, wherein the sender digests at least a portion of the list, but not the message itself, to form a digest and encrypts the digest with the sender's private key of a public-private pair to create the digital signature;
the server providing each of the target recipients with at least a respective one of the recipient-associated encrypted decryption keys for decryption by the respective target recipient to recover the underlying message decryption key and to thereby provide the respective target recipient with access to the encrypted message.

US Pat. No. 10,218,679

SECURE SINGLE SIGN ON AND CONDITIONAL ACCESS FOR CLIENT APPLICATIONS

Citrix Systems, Inc., Fo...

1. A method comprising:
receiving, by a gateway device, from an application on a client device, and via a secure communication tunnel between the client device and the gateway device, an authentication request comprising a certificate;
accessing, by the gateway device, and from the certificate, a device identifier associated with the client device;
transmitting, by the gateway device, and to a server, a request to determine whether the client device is compliant with one or more security policies, wherein the request to determine whether the client device is compliant with one or more security policies indicates the device identifier associated with the client device;
in response to transmitting the request to determine whether the client device is compliant with one or more security policies, receiving, by the gateway device, and from the server, an indication of whether the client device is compliant with one or more security policies; and
determining, by the gateway device, and based on the indication of whether the client device is compliant with one or more security policies, whether to grant the application on the client device access to a service associated with the application.

US Pat. No. 10,218,678

METHOD AND APPARATUS FOR ACCESSING THIRD-PARTY RESOURCES

CITRIX SYSTEMS, INC., Fo...

1. A method comprising:
(a) receiving, by a device intermediary to a plurality of clients and a plurality of resource providers accessible via the device, a selection of a resource provider of the plurality of resource providers from an identity associated with a client of the plurality of clients, the identity authenticated by the device and the device establishing a first token for the identity to access the device;
(b) establishing, by the device, a second token for the identity to access via the device the resource provider of the plurality of resource providers;
(c) providing, by the device to the client, the first token comprising the second token encrypted;
(d) decrypting, by the device, the second token from the first token received from the client in association with a request from the client to access the resource provider, the first token to identify the identity instead of identifying information accessed from the client; and
(e) granting, by the device, the client access to the resource provider.

US Pat. No. 10,218,677

DYNAMIC PROVISIONING OF A FIREWALL ROLE TO USER DEVICES

T-Mobile USA, Inc., Bell...

1. A computing device configured to provide a security service to a mobile traffic network, the computing device comprising:
a processor;
a network interface communicatively coupled to the processor and configured to enable communications with the mobile traffic network;
a storage device for content and programming;
a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising:
creating a local network group comprising a plurality of user devices that are subscribed to the security service;
receiving a plurality of status reports, each status report of the plurality of status reports corresponding to at least one of the user devices of the local network group;
determining a plurality of competence scores, wherein each competence score of the plurality of competence scores corresponds to at least one of the user devices of the local network group and is based on a respective status report;
selecting one of the plurality of the user devices to act as a firewall for the plurality of user devices of the local network group based on the plurality of competence scores;
provisioning the selected user device to act as a firewall for the local network group; and
sending a message to the plurality of user devices of the local network group to route communication through the selected user device via a short range wireless communication technology.

US Pat. No. 10,218,676

FLEXIBLE NETWORK SECURITY SYSTEM AND METHOD FOR PERMITTING TRUSTED PROCESS

CAP CO., LTD., Ahsung-si...

1. A computer executing a firewall controlling inbound traffic, the firewall protecting the computer against a network connection attempt by setting restrictions on information communicated between networks, the computer comprising:
an internal permitted program storage configured to store a list of programs permitted by the firewall;
an input interface configured to accept an indication that one or more permitted network communication programs are permitted by the firewall, thereby resulting in said one or more permitted network communication programs being added to the list of programs permitted by the firewall in the internal permitted program storage;
a port monitoring unit configured to automatically extract, outside of the firewall, information about a protocol using a server port, wherein the server port is designated as a port of a network communication program providing one or more packets of inbound traffic for a destination port; and
a flexible firewall device making the firewall flexible, the flexible firewall device configured to populate a list of server ports permitted by the firewall in an internal permitted port storage as follows:
detect that said network communication program tries to listen to said server port;
in response to detecting that said network communication program tries to listen to said server port, extract, outside of the firewall, using the port monitoring unit, information about the server port requesting communication with the destination port of the packets of inbound traffic; and
automatically store the extracted information about the server port in the internal permitted port storage if said network communication program matches a program on said list of programs permitted by the firewall in the internal permitted program storage;
wherein the flexible firewall device is further configured to thereafter selectively block or allow one or more packets of inbound traffic to the computer as follows:
make a determination whether a destination port of the one or more packets of inbound traffic matches one of the server ports included in the list of server ports permitted by the firewall in the internal permitted port storage;
either allow or block the one or more packets of inbound traffic based on the determination whether the destination port of the one or more packets of inbound traffic matches one of the server ports included in the list of server ports permitted by the firewall in the internal permitted port storage, and using the information about the server port and the protocol to determine whether registration exists in the internal permitted port storage; and
in the case of a determination that the registration does not exist, transmitting the corresponding packet to the firewall, and in the case of a determination that the registration exists, bypassing the firewall, as a transmission to a permitted port as a hooked original function.

US Pat. No. 10,218,675

LEGACY DEVICE SECURITIZATION USING BUMP-IN-THE-WIRE SECURITY DEVICES WITHIN A MICROGRID SYSTEM

Honeywell International I...

1. A system for legacy device securitization within a microgrid, comprising:
a microgrid network having at least one remote network connection to a non-local network device and the microgrid network having at least one local legacy device in communication with the non-local network device, wherein the at least one local legacy device cannot perform cryptographic operations;
a first bump-in-the-wire (BITW) security device between the at least one local legacy device and the at least one remote connection, wherein the first bump-in-the-wire (BITW) security device performs asymmetric and symmetric operations on data passed between the at least one local legacy device and the non-local network device, wherein the first bump-in-the-wire (BITW) security device includes a first user interface to allow a user to access privileges to be given to the first bump-in-the-wire (BITW) security device, instructions to be sent to the first bump-in-the-wire (BITW) security device, and data available on the first bump-in-the-wire (BITW) security device to restrict access to the microgrid network, wherein the privileges to be given to the first bump-in-the-wire (BITW) security device include installing software and firmware on one or more devices of the microgrid network, wherein access attempts, successful logins, messages, or a combination thereof are logged into the microgrid network to enable auditing and forensic analysis, and wherein one or more authentication technologies are compared and selected for the microgrid network based on real time requirements of the microgrid network; and
a second bump-in-the-wire (BITW) security device between the non-local network device and the at least one remote connection, wherein the second bump-in-the-wire (BITW) security device performs asymmetric and symmetric operations on data passed between the non-local network device and the at least one remote connection, wherein the first and second bump-in-the-wire (BITW) security devices are positioned within the microgrid network to secure the at least one local legacy device, and wherein the bump-in-the-wire (BITW) security devices communicate with each other to cross check security settings and verify access requests on a secured network that is separate from the network accessed by the remote network connection, wherein the second bump-in-the-wire (BITW) security device includes a second user interface to allow the user to access privileges to be given to the second bump-in-the-wire (BITW) security device, instructions to be sent to the second bump-in-the-wire (BITW) security device, and data available on the second bump-in-the-wire (BITW) security device to restrict access to the microgrid network, and wherein the privileges to be given to the second bump-in-the-wire (BITW) security device include installing the software and the firmware on the one or more devices of the microgrid network.

US Pat. No. 10,218,674

MAC ADDRESS ALLOCATION FOR VIRTUAL MACHINES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
determining, by a processing device via a virtual machine, that a first network identifier has not been assigned to the virtual machine;
transmitting, by the processing device via the virtual machine, a network identifier request to a server, wherein the network identifier request comprises a universal identifier associated with the virtual machine;
determining that a data packet is directed to the virtual machine when the data packet comprises the universal identifier associated with the virtual machine, the data packet comprising a second network identifier assigned to the virtual machine by the server in response to the network identifier request; and
assigning the second network identifier to the virtual machine based on the data packet being directed to the virtual machine.

US Pat. No. 10,218,673

WEB CONTENT DISPLAY SYSTEM AND METHOD

Institute For Information...

1. A web content display system, comprising:
a provided interface, for receiving a web address with an authorization data corresponding thereto inputted by a web content provider;
a processor, coupled to said provided interface and acquiring and analyzing at least one web content corresponding to said web address according to said web address and said authorization data corresponding thereto to obtain a title corresponding to said web content, an article content with a display format corresponding thereto and an original marketing content with a display format corresponding thereto;
a storage unit, coupled to the said processor and storing respectively, said title, said article content with said display format corresponding thereto, said original marketing content with said display format corresponding thereto and at least one third party marketing content; and
an operation interface, coupled to the said processor and receiving a request for said title from a user device;
wherein said processor generates an embedded code and a reprinted web address corresponding to the embedded code according to said request, wherein when executing to display the reprinted address, said embedded code is executed by a web browser and is linked to said processor to display a reorganized web content on said web browser according to said article content with said display format corresponding thereto, said original marketing content with said display format corresponding thereto and said at least one third party marketing content, wherein said article content of said reorganized web content and said article content of said web content have a same display format, wherein a marketing content of said reorganized web content is said original marketing content of said web content or said at least one third party marketing content.

US Pat. No. 10,218,672

MEASURING MACHINE COMMUNICATION WITH AUTOMATIC ADDRESS ALLOCATION

HEXAGON TECHNOLOGY CENTER...

1. A method for address allocation of participant-specific communication addresses for participants in a measuring system, the method comprising:
performing a communication between the participants, which communication takes place via a bus system by means of messages with at least one communication address and a message content, wherein in the bus system the messages that are communicated by any of the participants are received by all other participants;
carrying out an automatic address iteration for at least one of the participants during a calibration or referencing of the measuring system, wherein the automatic address iteration comprises:
monitoring of the messages on the bus system; and
detecting of a collision by a communication address of a received message, which is identical to a participant-dedicated communication address of the at least one of the participants;
providing a collision-related allocation of a changed participant-dedicated communication address of the at least one of the participants to the at least one of the participants, which changed participant-dedicated communication address does not collide with the communication address of the received message; and
performing a defined stimulation of at least one sensor of the at least one of the participants to obtain one or more sensor values, which defined simulation is carried out within the calibration or referencing of the measuring system; and
performing a determination of an address-device allocation of the participants in the measuring system, which determination takes place using the one or more sensor values obtained by the defined stimulation.

US Pat. No. 10,218,671

DYNAMIC MEDIA ACCESS CONTROL ADDRESS ALLOCATION AND LEASING FOR WIRELESS NETWORK

Cisco Technology, Inc., ...

1. A method of operating a network, the method comprising:
in the network, broadcasting, via an access point (AP), on a periodic basis, a packet comprising i) a MAC Pool identifier associated with the network and ii) one or more dynamic MAC addresses associated with the network, wherein each dynamic MAC address of the one or more dynamic MAC addresses is potentially assignable to a computing device that receives the packet;
in response to receipt of a packet response from a given computing device, wherein the packet response includes a broadcasted dynamic MAC address of the one or more broadcasted dynamic MAC addresses, determining whether the broadcasted dynamic MAC address has been associated with and/or assigned to a network device in the network; and
in response to the determination, (i) associating the broadcasted dynamic MAC address with the given computing device and (ii) adding the broadcasted dynamic MAC address to a list of plurality of assigned dynamic MAC addresses as an allocated dynamic MAC address assigned to the given computing device, wherein subsequent packets communicated to given computing device are based on the allocated dynamic MAC address.

US Pat. No. 10,218,670

PRESENTING TASKS IN EMAIL APPLICATION AND CALENDAR APPLICATION

Google LLC, Mountain Vie...

1. A non-transitory computer-readable storage medium comprising instructions stored thereon for presenting tasks in an email application and a calendar application, the instructions, when executed by at least one processor, being configured to cause a computing system to at least:
generate an email application, the email application performing:
retrieving at least one task from a task database;
retrieving at least one email from an email database;
sorting the tasks and emails within a combined list based on:
at least one task done state of the at least one task and at least one email read state of the at least one email; and
for tasks and emails that have a same task done state or email read state, based on task due dates of the tasks and email received dates of the emails; and
concurrently presenting the at least one retrieved task and the at least one retrieved email in an email user interface in an order based on the sorting and presenting at least one task that should be performed on a current day at a top of the email user interface, the at least one retrieved task and the at least one retrieved email being adjacent and non-overlapping within the email user interface; and
generate a calendar application, the calendar application performing:
retrieving the at least one task from the task database;
retrieving at least one appointment from an appointment database; and
concurrently presenting the at least one retrieved task and the at least one retrieved appointment in a calendar user interface, the at least one retrieved task and the at least one retrieved appointment being adjacent and non-overlapping within the calendar user interface.

US Pat. No. 10,218,669

SYSTEM AND METHOD FOR VERIFYING DELIVERY AND INTEGRITY OF ELECTRONIC MESSAGES

RPost Communication, LTD,...

1. A system for transmitting an electronic message from a sender to a recipient through a network and determining, without compliance or co-operation of the recipient, whether the transmitted electronic message has been received by the recipient, comprising:
a first server in electronic communication with a sender and at least one recipient, the first server utilizing a processor programmed using software operating commands to:
receive an original message from the sender,
store the original message in a memory associated with the first server,
create a new message from the original message by adding a link to the original message, the link programmed to
automatically extract when the new message has been opened at the recipient's mail agent,
call to the first server or a second server different from the first server to send a first information associated with the link from a database at the first or second server to the recipient,
the first or second server storing an indication that the first or second server was requested to send the first information associated with the link to the recipient,
the first or second server creating a second information from the stored indication, the second information including third information related to the original message and that the transmitted new message was opened at the recipient, and
transmit the new message and the link to the at least one recipient.

US Pat. No. 10,218,668

DETECTION AND MODIFICATION OF OBSOLETE MESSAGES

AMAZON TECHNOLOGIES, INC....

1. A system, comprising:
at least one computing device;
an email updater service executable in the at least one computing device, wherein, when executed, the email updater service causes the at least one computing device to at least:
receive an email message from an email server, a content of the email message including displayable information about an occurrence of an event that is active during a first predefined period of time, the displayable information configured to be presented on a rendered version of the email message on a display of the at least one computing device;
send a first instruction to a client email application to alter an appearance of the email message prior to a start of the first predefined period of time as displayed on a user interface associated with an email folder including the email message; and
send a second instruction to the client email application to alter the appearance of the email message following an end of the first predefined period of time; and
the client email application executable in the at least one computing device, wherein when, executed, the client email application causes the at least one computing device to at least:
render the user interface such that the email message is displayed in an original form prior to the first predefined period of time;
modify the user interface in response to receiving the first instruction, the user interface being modified such that the email message is displayed in at least one of: a different color, a different shade, or a different pattern;
determine that the first predefined period of time has lapsed in response to receiving the second instruction; and
modify, after a second predefined period of time following an ending of the first predefined period of time, the user interface such that the email message is displayed in the original form.

US Pat. No. 10,218,667

SOCIAL NETWORK COMMUNITIES

salesforce.com, inc., Sa...

1. A system for providing, in an enterprise social networking service, internal groups for collaboration with users inside of an organization and external groups for collaboration with users outside of an organization, the system comprising:
a database system implemented using a server system comprising one or more hardware processors, the database system configurable to cause:
identifying a user identity (ID) received from a computing device as one of a set of first user identities (IDs) of first users belonging to an internal group maintained using one or more internal group data objects in a database, the internal group maintained on behalf of a first organization in association with an enterprise social networking service, the first users being inside of the first organization, each first user having one or more of a set of first roles, the first roles comprising an employee of the first organization;
providing, to the computing device, access to the internal group responsive to identifying the user ID as one of the first user IDs, the access to the internal group defined at least in part by a first set of permissions for the computing device to access a first set of files stored in a database in association with the one or more internal group data objects and for the computing device to access a first set of social networking conversations associated with the one or more internal group data objects, the first set of social networking conversations comprising one or more posts and one or more comments shared in an internal group feed maintained for the internal group using one or more feed objects in a database;
processing a request received from the computing device to access an external group maintained using one or more external group data objects in a database, the external group maintained on behalf of the first organization in association with the enterprise social networking service, the processing of the request comprising identifying the user ID as one of a set of second user IDs of second users belonging to the external group, the second users comprising:
an internal subset of the second users comprising at least a portion of the first users, and
an external subset of the second users who are outside of the first organization, each second user in the external subset having one or more of a set of second roles, the second roles comprising a customer of the first organization and a partner of the first organization; and
providing, responsive to identifying the user ID as one of the second user IDs, the computing device with access to the external group, the access to the external group defined at least in part by a second set of permissions for the computing device to access a second set of files stored in a database in association with the one or more external group data objects and for the computing device to access a second set of social networking conversations associated with the one or more external group data objects, the second set of social networking conversations comprising one or more posts and one or more comments shared in an external group feed maintained for the external group using one or more feed objects in a database, the second set of permissions being restricted with respect to the first set of permissions to limit:
access by the external subset of second users to the first set of files associated with the one or more internal group data objects,
submission by the external subset of second users of a further file for inclusion in the first set of files,
access by the external subset of second users to the first set of social networking conversations associated with the one or more internal group data objects, and
sharing by the external subset of second users of a further post and a further comment in the internal group feed for inclusion in the first set of social networking conversations.

US Pat. No. 10,218,666

INTEGRATING OFFSITE ACTIVITIES WITH ONLINE DATA RECORDS

1. A method comprising steps of:
generating an identifier in a first computer system, wherein the identifier is generated in at least one of anticipation of an electronically provided communication by a user and in response to the electronically provided communication by a user accessing network-based content associated with an entity, wherein the identifier associates the electronically provided communication by the user to an agent of an entity;
storing the identifier and the association of the identifier with the electronically provided communication in a memory that is in communication with the first computer system;
conveying the identifier from the first computer system to an external computer system;
receiving the identifier conveyed from the first computer system by the external computer system;
identifying and storing at least one information record associated with an activity of the user, wherein the information record is at least one of an electronically provided communication record and a data record,
wherein the at least one electronically provided communication record is associated with the electronically provided communication by the user by tagging at least one electronically provided communication record with the identifier, wherein each electronically provided communication record of at least one electronically provided communication record relates to the electronically provided communication by the user,
wherein the at least one data record is associated with the activity of the user by tagging each data record with the identifier, wherein each data record of at least one data record relates to the activity of the user, each of the at least one data record is stored on the external computer;
conveying the at least one information record from the external computer system to the first computer system;
receiving, at the first computer system from the external computer system, the at least one information record from the external computer system, wherein each information record of the at least one information record includes the identifier; and
using the identifier stored in the first computer system to associate the received at least one information record, related to the activity of the user, with the electronically provided communication.

US Pat. No. 10,218,665

SYSTEM RELATING TO 3D, 360 DEGREE OR SPHERICAL FOR REFERING TO AND/OR EMBEDDING POSTS, VIDEOS OR DIGITAL MEDIA WITHIN OTHER POSTS, VIDEOS, DIGITAL DATA OR DIGITAL MEDIA AND POSTS WITHIN ANYPART OF ANOTHER POSTS, VIDEOS, DIGITAL DATA OR DIGITAL MEDIA

Pixured, Inc., Zephyr Co...

1. A computer implemented method of managing posts for interacting with digital media items, digital media items comprising 3d, 360 degrees, geocoded or spherical digital images and video, comprising:
providing a user application operating on one or more user devices which are operative to view web based digital media items, each of the digital media items comprising a sequence of frames having one or more objects that selectively change position in successive frames in the sequence of frames, the user application for creating posts that refer to one of the one or more objects in select ones of digital media items, the user application defining a select location of the post in each frame of the sequence of frames corresponding to position of the one object, comprising the user and/or the user application identifying the object location in select ones of successive frames in the sequence of frames, and the select location of the post in each frame comprises a select coordinate position;
providing a database system for storing user created posts; and
creating and managing embedded data in user created posts and links to the select location of the post in each frame of the sequence of frames for the one object in select one of digital media items, wherein users interacting with the user application can access user created posts, while viewing the digital media items.

US Pat. No. 10,218,664

RECURRENT INVITATION LOOP

Microsoft Technology Lice...

1. A method, comprising:
sending, by computer, a first invitation organically generated by a first member of a user community, to an invitee who is not a member of the user community;
queuing all invitations organically generated by members of the user community and addressed to the invitee within a first time period after the invitee receives the first invitation;
when the invitee is not a member of the user community when the first time period expires:
if the queue is not empty, dequeuing and sending at least one queued invitation to the invitee; and
if the queue is empty, resending the first invitation to the invitee; and for one or more subsequent time periods after the first time period:
queuing all invitations organically generated by members of the user community and addressed to the invitee within the subsequent time period.